4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
54.2%
Important: Bypass of CSRF prevention filter CVE-2012-4431
The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request.
This was fixed in revision 1393088.
This issue was identified by the Tomcat security team on 8 September 2012 and made public on 4 December 2012.
Affects: 7.0.0-7.0.31
CPE | Name | Operator | Version |
---|---|---|---|
apache tomcat | ge | 7.0.0 | |
apache tomcat | le | 7.0.31 |