CVE Vulnerabilities

CVE-2012-4431

Published: Dec 19, 2012 | Modified: Sep 19, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:P/A:N)

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tomcat | Apache | 6.0.33 | 6.0.33 |
| Tomcat | Apache | 6.0.0 | 6.0.0 |
| Tomcat | Apache | 6.0.6 | 6.0.6 |
| Tomcat | Apache | 6.0.4 | 6.0.4 |
| Tomcat | Apache | 6.0.11 | 6.0.11 |
| Tomcat | Apache | 6.0.7 | 6.0.7 |
| Tomcat | Apache | 6.0.4 | 6.0.4 |
| Tomcat | Apache | 6.0.15 | 6.0.15 |
| Tomcat | Apache | 6.0.20 | 6.0.20 |
| Tomcat | Apache | 6.0.9 | 6.0.9 |
| Tomcat | Apache | 6.0.10 | 6.0.10 |
| Tomcat | Apache | 6.0.31 | 6.0.31 |
| Tomcat | Apache | 6.0.29 | 6.0.29 |
| Tomcat | Apache | 6.0.3 | 6.0.3 |
| Tomcat | Apache | 6.0.9 | 6.0.9 |
| Tomcat | Apache | 6.0.1 | 6.0.1 |
| Tomcat | Apache | 6.0.7 | 6.0.7 |
| Tomcat | Apache | 6.0.24 | 6.0.24 |
| Tomcat | Apache | 6.0.17 | 6.0.17 |
| Tomcat | Apache | 6.0 | 6.0 |
| Tomcat | Apache | 6.0.32 | 6.0.32 |
| Tomcat | Apache | 6.0.28 | 6.0.28 |
| Tomcat | Apache | 6.0.0 | 6.0.0 |
| Tomcat | Apache | 6.0.14 | 6.0.14 |
| Tomcat | Apache | 6.0.6 | 6.0.6 |
| Tomcat | Apache | 6.0.1 | 6.0.1 |
| Tomcat | Apache | 6.0.12 | 6.0.12 |
| Tomcat | Apache | 6.0.18 | 6.0.18 |
| Tomcat | Apache | 6.0.2 | 6.0.2 |
| Tomcat | Apache | 6.0.5 | 6.0.5 |
| Tomcat | Apache | 6.0.7 | 6.0.7 |
| Tomcat | Apache | 6.0.30 | 6.0.30 |
| Tomcat | Apache | 6.0.2 | 6.0.2 |
| Tomcat | Apache | 6.0.2 | 6.0.2 |
| Tomcat | Apache | 6.0.13 | 6.0.13 |
| Tomcat | Apache | 6.0.8 | 6.0.8 |
| Tomcat | Apache | 6.0.26 | 6.0.26 |
| Tomcat | Apache | 6.0.19 | 6.0.19 |
| Tomcat | Apache | 6.0.27 | 6.0.27 |
| Tomcat | Apache | 6.0.35 | 6.0.35 |
| Tomcat | Apache | 6.0.16 | 6.0.16 |
| Tomcat | Apache | 6.0.8 | 6.0.8 |

References