cvelist | Redhat | CVELIST:CVE-2015-5351
History: Feb 25, 2016 - 1:00 a.m.

CVE-2015-5351

2016-02-25 01:00:00
redhat
www.cve.org
AI Score: 8.7 (Confidence: High)

EPSS: 0.004 (Percentile: 72.2%)

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.

References