FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tomcat -- bypass of CSRF prevention filter

Affected packages
6.0.0 <= tomcat6 <= 6.0.35
7.0.0 <= tomcat7 <= 7.0.31

Details

VuXML ID 953911fe-51ef-11e2-8e34-0022156e8794
Discovery 2012-12-04
Entry 2012-12-04

The Apache Software Foundation reports:

The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request.

References

CVE Name CVE-2012-4431
URL http://tomcat.apache.org/security-6.html
URL http://tomcat.apache.org/security-7.html