Lucene search

K

[email protected]CVE-2012-4431

HistoryDec 19, 2012 - 11:55 a.m.

CVE-2012-4431

2012-12-1911:55:00

CWE-264

[email protected]

web.nvd.nist.gov

51

cve-2012-4431

apache tomcat

csrf

nvd

security vulnerability

9.3 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

54.2%

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

CPENameOperatorVersion
apache:tomcatapache tomcateq6.0.33
apache:tomcatapache tomcateq6.0.0
apache:tomcatapache tomcateq6.0.6
apache:tomcatapache tomcateq6.0.4
apache:tomcatapache tomcateq6.0.11
apache:tomcatapache tomcateq6.0.7
apache:tomcatapache tomcateq6.0.15
apache:tomcatapache tomcateq6.0.20
apache:tomcatapache tomcateq6.0.9
apache:tomcatapache tomcateq6.0.10

Rows per page:

1-10 of 591

References

archives.neohapsis.com/archives/bugtraq/2012-12/0045.html

lists.opensuse.org/opensuse-updates/2012-12/msg00089.html

lists.opensuse.org/opensuse-updates/2012-12/msg00090.html

lists.opensuse.org/opensuse-updates/2013-01/msg00037.html

lists.opensuse.org/opensuse-updates/2013-01/msg00051.html

lists.opensuse.org/opensuse-updates/2013-01/msg00080.html

marc.info/?l=bugtraq&m=136612293908376&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

rhn.redhat.com/errata/RHSA-2013-0267.html

rhn.redhat.com/errata/RHSA-2013-0268.html

rhn.redhat.com/errata/RHSA-2013-0647.html

rhn.redhat.com/errata/RHSA-2013-0648.html

rhn.redhat.com/errata/RHSA-2013-1437.html

rhn.redhat.com/errata/RHSA-2013-1853.html

secunia.com/advisories/57126

svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?r1=1393088&r2=1393087&pathrev=1393088

svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1393088&r2=1393087&pathrev=1393088

svn.apache.org/viewvc?view=revision&revision=1393088

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

www.securityfocus.com/bid/56814

www.securitytracker.com/id?1027834

www.ubuntu.com/usn/USN-1685-1

h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18541

9.3 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

54.2%

Related for CVE-2012-4431

prion1 debiancve1 nessus18 redhat7 veracode1 securityvulns2 ubuntucve1 freebsd1 github1 seebug1 tomcat2 osv2 thn2 ubuntu1 openvas10 fedora1 f51 atlassian3 debian1 vmware2 gentoo1 ibm2