Cross-site Request Forgery (CSRF)

🗓️ 15 Jan 2019 08:56:33Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 36 Views

Apache Tomcat CSRF vulnerability fi

Reporter	Title	Published	Views	Family All 80
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	16 Jun 202221:33	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator	6 Oct 202114:56	–	ibm
Tenable Nessus	Apache Tomcat 7.0.x < 7.0.32 CSRF Filter Bypass	17 Dec 201200:00	–	nessus
Tenable Nessus	Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities	26 Nov 201200:00	–	nessus
Tenable Nessus	Apache Tomcat 7.0.x < 7.0.32 CSRF Filter Bypass	17 Dec 201200:00	–	nessus
Tenable Nessus	Debian DSA-2725-1 : tomcat6 - several vulnerabilities	19 Jul 201300:00	–	nessus
Tenable Nessus	Fedora 16 : tomcat-7.0.33-1.fc16 (2012-20151)	20 Dec 201200:00	–	nessus
Tenable Nessus	FreeBSD : tomcat -- bypass of CSRF prevention filter (953911fe-51ef-11e2-8e34-0022156e8794)	31 Dec 201200:00	–	nessus
Tenable Nessus	GLSA-201412-29 : Apache Tomcat: Multiple vulnerabilities	15 Dec 201400:00	–	nessus
Tenable Nessus	openSUSE Security Update : tomcat (openSUSE-SU-2012:1701-1)	13 Jun 201400:00	–	nessus

Vulners

Node

tomcat7 tomcat7Match7.0.30_3_patch_01.ep6.el6

tomcat7 tomcat7Match7.0.30_2_patch_01.ep6.el5

redhat jbosswebMatch2.1.10_5.patch01.1.1.ep5.el5

redhat jbosswebMatch2.1.13_2_patch_01.ep5.el5

redhat jbosswebMatch2.1.11_5.4.ep5.el5

redhat jbosswebMatch2.1.12_1.4_patch_01.ep5.el5

redhat jbosswebMatch2.1.12_3_patch_03.2.ep5.el6

redhat jbosswebMatch7.0.17_1.final_redhat_1.ep6.el6

redhat jbosswebMatch7.0.16_1.final_redhat_1.ep6.el6

redhat jbosswebMatch7.0.16_1.1.final_redhat_1.ep6.el5

redhat jbosswebMatch7.0.17_3.final_redhat_2.ep6.el5

redhat jbosswebMatch2.1.12_1.4_patch_01.ep5.el6

redhat jbosswebMatch2.0.0_3.cp05.0jpp.ep1.1.el5

redhat jbosswebMatch2.0.0_8.cp15.patch01.0jpp.ep1.1.el5

redhat jbosswebMatch2.1.11_5.4.ep5.el6

redhat jbosswebMatch7.0.17_3.final_redhat_2.ep6.el6

redhat jbosswebMatch7.0.17_1.final_redhat_1.ep6.el5

redhat jbosswebMatch2.1.13_4_patch_02.ep5.el6

redhat jbosswebMatch2.0.0_2.cp01.0jpp.ep1.4.el5

redhat jbosswebMatch2.1.13_2_patch_01.ep5.el6

redhat jbosswebMatch2.1.12_3_patch_03.2.ep5.el5

tomcat6 tomcat6Match6.0.24_111.el6_9

tomcat6 tomcat6Match6.0.24_24.el6_0

tomcat6 tomcat6Match6.0.24_62.el6

tomcat6 tomcat6Match6.0.24_52.el6_4

tomcat6 tomcat6Match6.0.24_36.el6_2

tomcat6 tomcat6Match6.0.24_83.el6_6

tomcat6 tomcat6Match6.0.24_48.el6_3

tomcat6 tomcat6Match6.0.24_57.el6_4

tomcat6 tomcat6Match6.0.24_72.el6_5

tomcat6 tomcat6Match6.0.24_95.el6

tomcat6 tomcat6Match6.0.24_105.el6_8

tomcat6 tomcat6Match6.0.24_98.el6_8

tomcat6 tomcat6Match6.0.24_78.el6_5

tomcat6 tomcat6Match6.0.24_35.el6_1

tomcat6 tomcat6Match6.0.24_33.el6

tomcat6 tomcat6Match6.0.32_24_patch_07.ep5.el6

tomcat6 tomcat6Match6.0.24_55.el6_4

tomcat6 tomcat6Match6.0.24_80.el6

tomcat6 tomcat6Match6.0.24_94.el6_7

tomcat6 tomcat6Match6.0.24_49.el6

tomcat6 tomcat6Match6.0.24_15.el6

tomcat6 tomcat6Match6.0.35_24_patch_01.ep6.el6

tomcat6 tomcat6Match6.0.32_35_patch_09.ep5.el6

tomcat6 tomcat6Match6.0.24_64.el6_5

tomcat6 tomcat6Match6.0.24_45.el6

tomcat6 tomcat6Match6.0.24_90.el6

tomcat6 tomcat6Match6.0.32_14_patch_03.ep5.el6

tomcat6 tomcat6Match6.0.32_31_patch_08.ep5.el6

Source	Link
securitytracker	www.securitytracker.com/id
archives	www.archives.neohapsis.com/archives/bugtraq/2012-12/0045.html
securityfocus	www.securityfocus.com/bid/56814
secunia	www.secunia.com/advisories/57126
rhn	www.rhn.redhat.com/errata/RHSA-2013-0268.html
access	www.access.redhat.com/security/updates/classification/
tomcat	www.tomcat.apache.org/security-7.html
marc	www.marc.info/
svn	www.svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java
svn	www.svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

15 May 2019 06:18Current

9.1High risk

Vulners AI Score9.1

CVSS 24.3

EPSS0.09824