CVE-2012-4431

Published: 19 December 2012

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

Priority

Medium

Status

Package: tomcat6 (Launchpad, Ubuntu, Debian)
Release: Upstream
Status: Released (6.0.35-6)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1394456

Package: tomcat7 (Launchpad, Ubuntu, Debian)
Release: Upstream
Status: Released (7.0.28-4)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1393088