CVE-2012-4431

Cross-Site Request Forgery (CSRF) in maven/org.apache.tomcat/tomcat

Identifiers

GHSA-76vr-72mv-mf3q, CVE-2012-4431

Package Slug

maven/org.apache.tomcat/tomcat

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

Affected Versions

All versions starting from 6.0.0 before 6.0.36, all versions starting from 7.0.0 before 7.0.32

Solution

Upgrade to versions 6.0.36, 7.0.32 or above.

Last Modified

2022-07-25
