The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 02:26
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2016-02-25 01:59
Updated : 2024-02-28 15:21
NVD link : CVE-2015-5351
Mitre link : CVE-2015-5351
CVE.ORG link : CVE-2015-5351
JSON object : View
Products Affected
debian
- debian_linux
canonical
- ubuntu_linux
apache
- tomcat
CWE
CWE-352
Cross-Site Request Forgery (CSRF)