CSRF Token Bypass Vulnerability in Apache Tomcat

CSRF Token Bypass Vulnerability in Apache Tomcat

CVE-2015-5351 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.

Learn more about our Cis Benchmark Audit For Apache Http Server.