vulnerability

Apache Tomcat: Moderate: CSRF token leak (CVE-2015-5351)

Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Feb 23, 2016
Added
Feb 23, 2016
Modified
Apr 14, 2025

Description

The index page of the Manager and Host Manager applications included a
valid CSRF token when issuing a redirect as a result of an
unauthenticated request to the root of the web application. If an
attacker had access to the Manager or Host Manager applications
(typically these applications are only accessible to internal users, not
exposed to the Internet), this token could then be used by the attacker
to construct a CSRF attack.

Solution(s)

apache-tomcat-upgrade-7_0_68apache-tomcat-upgrade-8_0_32
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.