vulnerability
Red Hat: CVE-2015-5351: Moderate: tomcat security, bug fix, and enhancement update (RHSA-2016:2599)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | 2016-02-24 | 2016-11-04 | 2018-01-17 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
2016-02-24
Added
2016-11-04
Modified
2018-01-17
Description
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.
Solution(s)
redhat-upgrade-tomcatredhat-upgrade-tomcat-admin-webappsredhat-upgrade-tomcat-docs-webappredhat-upgrade-tomcat-el-2-2-apiredhat-upgrade-tomcat-javadocredhat-upgrade-tomcat-jsp-2-2-apiredhat-upgrade-tomcat-jsvcredhat-upgrade-tomcat-libredhat-upgrade-tomcat-servlet-3-0-apiredhat-upgrade-tomcat-webapps
References
- SUSE-SUSE-SU-2016:0769
- SUSE-SUSE-SU-2016:0822
- REDHAT-RHSA-2016:1087
- REDHAT-RHSA-2016:1088
- REDHAT-RHSA-2016:1089
- REDHAT-RHSA-2016:2599
- REDHAT-RHSA-2016:2807
- REDHAT-RHSA-2016:2808
- DEBIAN-DLA-435-1
- DEBIAN-DSA-3530
- DEBIAN-DSA-3552
- DEBIAN-DSA-3609
- BID-83330
- SECTRACK-1035069
- UBUNTU-USN-3024-1
- GENTOO-GLSA-201705-09
- NVD-CVE-2015-5351
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.