FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-4431

This CVE name corresponds to:

Entered      Topic
2012-12-04   tomcat -- bypass of CSRF prevention filter

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2012-4431
Phase  Assigned (20120821)

Description

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

References

Source    Reference
BUGTRAQ   20121204 CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter
CONFIRM   http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?r1=1393088&r2=1393087&pathrev=1393088
CONFIRM   http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1393088&r2=1393087&pathrev=1393088
CONFIRM   http://svn.apache.org/viewvc?view=revision&revision=1393088
CONFIRM   http://tomcat.apache.org/security-6.html
CONFIRM   http://tomcat.apache.org/security-7.html
HP        HPSBMU02873
HP        SSRT101182
HP        HPSBST02955
REDHAT    RHSA-2013:0267
REDHAT    RHSA-2013:0268
REDHAT    RHSA-2013:0647
REDHAT    RHSA-2013:0648
REDHAT    RHSA-2013:1437
REDHAT    RHSA-2013:1853
SUSE      openSUSE-SU-2013:0161
SUSE      openSUSE-SU-2013:0192
SUSE      openSUSE-SU-2012:1700
SUSE      openSUSE-SU-2012:1701
SUSE      openSUSE-SU-2013:0147
UBUNTU    USN-1685-1
OVAL      oval:org.mitre.oval:def:18541
SECTRACK  1027834
SECUNIA   57126