vulnerability
Apache Tomcat: Moderate: CSRF token leak (CVE-2015-5351)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Feb 23, 2016 | Feb 23, 2016 | Apr 14, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Feb 23, 2016
Added
Feb 23, 2016
Modified
Apr 14, 2025
Description
The index page of the Manager and Host Manager applications included a
valid CSRF token when issuing a redirect as a result of an
unauthenticated request to the root of the web application. If an
attacker had access to the Manager or Host Manager applications
(typically these applications are only accessible to internal users, not
exposed to the Internet), this token could then be used by the attacker
to construct a CSRF attack.
Solution(s)
apache-tomcat-upgrade-7_0_68apache-tomcat-upgrade-8_0_32

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.