6.8
CVSSv2

CVE-2015-5351

Published: 25/02/2016 Updated: 19/07/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x prior to 7.0.68, 8.x prior to 8.0.31, and 9.x prior to 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote malicious users to bypass a CSRF protection mechanism by using a token.

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 7.0.0

apache tomcat 7.0.2

apache tomcat 7.0.4

apache tomcat 7.0.5

apache tomcat 7.0.6

apache tomcat 7.0.10

apache tomcat 7.0.11

apache tomcat 7.0.12

apache tomcat 7.0.14

apache tomcat 7.0.16

apache tomcat 7.0.19

apache tomcat 7.0.20

apache tomcat 7.0.21

apache tomcat 7.0.22

apache tomcat 7.0.23

apache tomcat 7.0.25

apache tomcat 7.0.26

apache tomcat 7.0.27

apache tomcat 7.0.28

apache tomcat 7.0.29

apache tomcat 7.0.30

apache tomcat 7.0.32

apache tomcat 7.0.33

apache tomcat 7.0.34

apache tomcat 7.0.35

apache tomcat 7.0.37

apache tomcat 7.0.39

apache tomcat 7.0.40

apache tomcat 7.0.41

apache tomcat 7.0.42

apache tomcat 7.0.47

apache tomcat 7.0.50

apache tomcat 7.0.52

apache tomcat 7.0.53

apache tomcat 7.0.54

apache tomcat 7.0.55

apache tomcat 7.0.56

apache tomcat 7.0.57

apache tomcat 7.0.59

apache tomcat 7.0.61

apache tomcat 7.0.62

apache tomcat 7.0.63

apache tomcat 7.0.64

apache tomcat 7.0.65

apache tomcat 7.0.67

apache tomcat 8.0.0

apache tomcat 8.0.1

apache tomcat 8.0.3

apache tomcat 8.0.11

apache tomcat 8.0.12

apache tomcat 8.0.14

apache tomcat 8.0.15

apache tomcat 8.0.17

apache tomcat 8.0.18

apache tomcat 8.0.20

apache tomcat 8.0.21

apache tomcat 8.0.22

apache tomcat 8.0.23

apache tomcat 8.0.24

apache tomcat 8.0.26

apache tomcat 8.0.27

apache tomcat 8.0.28

apache tomcat 8.0.29

apache tomcat 8.0.30

apache tomcat 9.0.0

debian debian linux 7.0

debian debian linux 8.0

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 15.10

canonical ubuntu linux 16.04

Vendor Advisories

Synopsis Important: Red Hat JBoss Web Server 212 security update for Tomcat 7 Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Web Server 2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2 for RHEL 7Red Hat Product Security has rated this update ...
Synopsis Important: Red Hat JBoss Web Server 212 security update for Tomcat 7 Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web ServerRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application This token could then be used by an attacker to perform a CSRF attack ...
Several security issues were fixed in Tomcat ...
ResourceLinkFactorysetGlobalContext() is a public method and was discovered to be accessible by web applications running under a security manager without any checks This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applications and/or read and write data owned by other we ...
ResourceLinkFactorysetGlobalContext() is a public method and was discovered to be accessible by web applications running under a security manager without any checks This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applications and/or read and write data owned by other we ...
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service For the stable distribution (jessie), these problems have been fixed in version 8014-1+deb8u2 For the unstable distribution (s ...
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections and bypass of the SecurityManager For the oldstable distribution (wheezy), these problems have been fixed in version 7028-4+deb7u4 This update also fixes CVE-2014-0119 and CVE-20 ...
<!-- Start - Changes for Security Advisory Channel --> Security Advisory ID SYMSA1353 Initial Publication Date: Advisory Status: Advisory Severity: CVSS Base Score: Legacy ID 15 Mar 2016 Open Medium CVSS v2: 68 SA1 ...
Oracle Critical Patch Update Advisory - January 2017 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory Th ...
Oracle Solaris Third Party Bulletin - January 2016 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Up ...
Oracle Critical Patch Update Advisory - April 2017 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory Thus ...
Oracle Critical Patch Update Advisory - October 2017 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the ...
Oracle Critical Patch Update Advisory - October 2016 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...
Oracle Linux Bulletin - October 2016 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical ...
Oracle Critical Patch Update Advisory - July 2018 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous C ...

References

CWE-352http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.htmlhttp://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1089.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2599.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2807.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2808.htmlhttp://seclists.org/bugtraq/2016/Feb/148http://svn.apache.org/viewvc?view=revision&revision=1720652http://svn.apache.org/viewvc?view=revision&revision=1720655http://svn.apache.org/viewvc?view=revision&revision=1720658http://svn.apache.org/viewvc?view=revision&revision=1720660http://svn.apache.org/viewvc?view=revision&revision=1720661http://svn.apache.org/viewvc?view=revision&revision=1720663http://tomcat.apache.org/security-7.htmlhttp://tomcat.apache.org/security-8.htmlhttp://tomcat.apache.org/security-9.htmlhttp://www.debian.org/security/2016/dsa-3530http://www.debian.org/security/2016/dsa-3552http://www.debian.org/security/2016/dsa-3609http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.securityfocus.com/bid/83330http://www.securitytracker.com/id/1035069http://www.ubuntu.com/usn/USN-3024-1https://access.redhat.com/errata/RHSA-2016:1087https://access.redhat.com/errata/RHSA-2016:1088https://bto.bluecoat.com/security-advisory/sa118https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3Ehttps://security.gentoo.org/glsa/201705-09https://security.netapp.com/advisory/ntap-20180531-0001/https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2015-5351https://access.redhat.com/errata/RHSA-2016:2807https://nvd.nist.govhttps://usn.ubuntu.com/3024-1/http://tools.cisco.com/security/center/viewAlert.x?alertId=43690