The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x prior to 7.0.68, 8.x prior to 8.0.31, and 9.x prior to 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote malicious users to bypass a CSRF protection mechanism by using a token.
Vulnerable Product |
---|
apache tomcat 7.0.2 |
apache tomcat 8.0.30 |
apache tomcat 7.0.12 |
apache tomcat 7.0.62 |
apache tomcat 8.0.17 |
apache tomcat 7.0.53 |
apache tomcat 7.0.20 |
apache tomcat 7.0.34 |
apache tomcat 8.0.26 |
apache tomcat 7.0.55 |
apache tomcat 7.0.4 |
apache tomcat 7.0.63 |
apache tomcat 8.0.20 |
apache tomcat 7.0.22 |
apache tomcat 7.0.39 |
apache tomcat 7.0.26 |
apache tomcat 7.0.28 |
apache tomcat 8.0.1 |
apache tomcat 8.0.0 |
apache tomcat 7.0.59 |
apache tomcat 7.0.65 |
apache tomcat 7.0.50 |
apache tomcat 7.0.6 |
apache tomcat 8.0.12 |
apache tomcat 7.0.14 |
apache tomcat 8.0.27 |
apache tomcat 8.0.15 |
apache tomcat 7.0.11 |
apache tomcat 7.0.67 |
apache tomcat 7.0.23 |
apache tomcat 7.0.0 |
apache tomcat 8.0.22 |
apache tomcat 8.0.29 |
apache tomcat 7.0.52 |
apache tomcat 7.0.42 |
apache tomcat 7.0.37 |
apache tomcat 7.0.29 |
apache tomcat 8.0.11 |
apache tomcat 8.0.24 |
apache tomcat 8.0.23 |
apache tomcat 7.0.47 |
apache tomcat 7.0.5 |
apache tomcat 8.0.21 |
apache tomcat 7.0.41 |
apache tomcat 7.0.30 |
apache tomcat 7.0.19 |
apache tomcat 7.0.16 |
apache tomcat 7.0.10 |
apache tomcat 8.0.18 |
apache tomcat 7.0.25 |
apache tomcat 7.0.54 |
apache tomcat 7.0.35 |
apache tomcat 7.0.61 |
apache tomcat 8.0.3 |
apache tomcat 7.0.57 |
apache tomcat 8.0.14 |
apache tomcat 7.0.32 |
apache tomcat 7.0.21 |
apache tomcat 7.0.27 |
apache tomcat 7.0.40 |
apache tomcat 7.0.56 |
apache tomcat 8.0.28 |
apache tomcat 7.0.64 |
apache tomcat 7.0.33 |
apache tomcat 9.0.0 |
debian debian linux 8.0 |
debian debian linux 7.0 |
canonical ubuntu linux 12.04 |
canonical ubuntu linux 16.04 |
canonical ubuntu linux 15.10 |
canonical ubuntu linux 14.04 |