CSRF Token Bypass Vulnerability in Apache Tomcat
CVE-2015-5351 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.
Learn more about our Cis Benchmark Audit For Apache Http Server.