Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2015-5351

Опубликовано: 25 фев. 2016
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8
CVSS3: 8.8

Описание

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.

РелизСтатусПримечание
artful

DNE

bionic

DNE

devel

DNE

esm-apps/xenial

not-affected

6.0.45+dfsg-1
esm-infra-legacy/trusty

not-affected

6.0.39-1ubuntu0.1
precise

not-affected

code not present
precise/esm

not-affected

code not present
trusty

released

6.0.39-1ubuntu0.1
trusty/esm

not-affected

6.0.39-1ubuntu0.1
upstream

released

6.0.45

Показывать по

РелизСтатусПримечание
artful

not-affected

7.0.68-1
bionic

not-affected

7.0.68-1
devel

not-affected

7.0.68-1
esm-apps/bionic

not-affected

7.0.68-1
esm-apps/xenial

not-affected

7.0.68-1
esm-infra-legacy/trusty

not-affected

7.0.52-1ubuntu0.6
precise

ignored

end of life
precise/esm

DNE

precise was needed
trusty

released

7.0.52-1ubuntu0.6
trusty/esm

not-affected

7.0.52-1ubuntu0.6

Показывать по

РелизСтатусПримечание
artful

not-affected

8.0.32-1ubuntu1
bionic

not-affected

8.0.32-1ubuntu1
devel

not-affected

8.0.32-1ubuntu1
esm-apps/bionic

not-affected

8.0.32-1ubuntu1
esm-infra-legacy/trusty

DNE

esm-infra/xenial

not-affected

8.0.32-1ubuntu1
precise

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 84%
0.02344
Низкий

6.8 Medium

CVSS2

8.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2015-5351

CVSS3: 8.8
redhat
больше 9 лет назад

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.

nvd логотип

CVE-2015-5351

CVSS3: 8.8
nvd
больше 9 лет назад

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.

debian логотип

CVE-2015-5351

CVSS3: 8.8
debian
больше 9 лет назад

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x ...

github логотип

GHSA-w7cg-5969-678w

CVSS3: 8.8
github
около 3 лет назад

Apache Tomcat allows remote attackers to bypass a CSRF protection mechanism by using a token

fstec логотип

BDU:2016-00613

fstec
больше 9 лет назад

Уязвимость сервера приложений Apache Tomcat, позволяющая нарушителю обойти механизм защиты CSRF

EPSS

Процентиль: 84%
0.02344
Низкий

6.8 Medium

CVSS2

8.8 High

CVSS3