Description
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
Statement
This issue did not affect the versions of tomcat5 as shipped with Red Hat Enterprise Linux 5 and tomcat6 as shipped with Red Hat Enterprise Linux 6 as they did not include the CSRF prevention filter.
Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | tomcat6 | Not affected | | |
| Red Hat JBoss BRMS 5 | jbossweb | Not affected | | |
| Red Hat JBoss Data Grid 6 | jbossweb | Affected | | |
| Red Hat JBoss Enterprise Web Server 1 | eap5 | Not affected | | |
| Red Hat JBoss Enterprise Web Server 1 | eap6 | Affected | | |
| Red Hat JBoss Enterprise Web Server 1 | ewp5 | Not affected | | |
| Red Hat JBoss Operations Network 3.1 | jbossweb | Not affected | | |
| Red Hat JBoss Portal 5 | jbossweb | Not affected | | |
| Red Hat JBoss Portal 6 | jbossweb | Affected | | |
| Red Hat JBoss SOA Platform 5 | jbossweb | Not affected | | |
Additional information

Status:
EPSS:
CVSS2: 4.3 Medium