Back to search
CVE-2015-5351
Published: Feb 25, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
83330
vdb-entry
x_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
x_refsource_CONFIRM
GLSA-201705-09
vendor-advisory
x_refsource_GENTOO
http://svn.apache.org/viewvc?view=revision&revision=1720658
x_refsource_CONFIRM
openSUSE-SU-2016:0865
vendor-advisory
x_refsource_SUSE
http://tomcat.apache.org/security-9.html
x_refsource_CONFIRM
USN-3024-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SU-2016:0769
vendor-advisory
x_refsource_SUSE
DSA-3530
vendor-advisory
x_refsource_DEBIAN
http://tomcat.apache.org/security-7.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
x_refsource_CONFIRM
20160222 [SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak
mailing-list
x_refsource_BUGTRAQ
RHSA-2016:1089
vendor-advisory
x_refsource_REDHAT
http://tomcat.apache.org/security-8.html
x_refsource_CONFIRM
RHSA-2016:1087
vendor-advisory
x_refsource_REDHAT
http://svn.apache.org/viewvc?view=revision&revision=1720655
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_refsource_CONFIRM
1035069
vdb-entry
x_refsource_SECTRACK
https://bto.bluecoat.com/security-advisory/sa118
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1720663
x_refsource_CONFIRM
RHSA-2016:2807
vendor-advisory
x_refsource_REDHAT
RHSA-2016:1088
vendor-advisory
x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20180531-0001/
x_refsource_CONFIRM
RHSA-2016:2808
vendor-advisory
x_refsource_REDHAT
http://svn.apache.org/viewvc?view=revision&revision=1720661
x_refsource_CONFIRM
SUSE-SU-2016:0822
vendor-advisory
x_refsource_SUSE
RHSA-2016:2599
vendor-advisory
x_refsource_REDHAT
DSA-3609
vendor-advisory
x_refsource_DEBIAN
http://svn.apache.org/viewvc?view=revision&revision=1720652
x_refsource_CONFIRM
https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021
x_refsource_CONFIRM
DSA-3552
vendor-advisory
x_refsource_DEBIAN
http://svn.apache.org/viewvc?view=revision&revision=1720660
x_refsource_CONFIRM
[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now