Your submission was sent successfully! Close

CVE-2012-4431

Published: 19 December 2012

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

Priority

Medium

Status

Package Release Status
tomcat6
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable
(6.0.24-2ubuntu1.11)
oneiric
Released (6.0.32-5ubuntu1.4)
precise
Released (6.0.35-1ubuntu3.2)
quantal
Released (6.0.35-5ubuntu0.1)
raring Not vulnerable
(6.0.35-6)
upstream
Released (6.0.35-6)
tomcat7
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

oneiric
Released (7.0.21-1ubuntu0.1)
precise
Released (7.0.26-1ubuntu1.2)
quantal
Released (7.0.30-0ubuntu1.1)
raring Not vulnerable
(7.0.34-0ubuntu1)
upstream
Released (7.0.28-4)