Home

CVE-2015-5351

Description

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.737

Associated Vulnerability

VulnerabilityOS Platform
Update Tomcat to 9.5.14Windows
Update Tomcat to 9.5.5Windows
Update Tomcat to 9.5.7Windows
Update Tomcat to 9.5.8Windows
Update Tomcat to 9.6.10Windows
Update Tomcat to 9.6.3Windows
Update Tomcat to 9.6.4Windows
Update Tomcat to 9.6.7Windows
Update Tomcat to 9.6.8Windows
Update Tomcat to 2.4.5Windows
Update Tomcat to 3.0.14Windows
Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.0Windows
Vulnerabilities CVE-2015-5346,CVE-2015-5351,CVE-2016-0714,CVE-2016-0706,CVE-2015-5345 are fixed in Apache - tomcat 9.0.0Windows
Vulnerabilities CVE-2015-5346,CVE-2015-5351,CVE-2016-0706 are fixed in Apache - tomcat 8.0.31Windows
Vulnerabilities CVE-2015-5351,CVE-2016-0763,CVE-2015-5345 are fixed in Apache - tomcat 7.0.68Windows
SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-7.0.68-7.6.1.noarch.rpmLinux
SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-admin-webapps-7.0.68-7.6.1.noarch.rpmLinux
SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-docs-webapp-7.0.68-7.6.1.noarch.rpmLinux
SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-el-2_2-api-7.0.68-7.6.1.noarch.rpmLinux
SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-javadoc-7.0.68-7.6.1.noarch.rpmLinux
SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-jsp-2_2-api-7.0.68-7.6.1.noarch.rpmLinux
SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-lib-7.0.68-7.6.1.noarch.rpmLinux
SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-servlet-3_0-api-7.0.68-7.6.1.noarch.rpmLinux
SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-webapps-7.0.68-7.6.1.noarch.rpmLinux
Update Tomcat to 9.5.14 (For Linux)Linux
Update Tomcat to 9.5.5 (For Linux)Linux
Update Tomcat to 9.5.7 (For Linux)Linux
Update Tomcat to 9.5.8 (For Linux)Linux
Update Tomcat to 9.6.10 (For Linux)Linux
Update Tomcat to 9.6.3 (For Linux)Linux
Update Tomcat to 9.6.4 (For Linux)Linux
Update Tomcat to 9.6.7 (For Linux)Linux
Update Tomcat to 9.6.8 (For Linux)Linux
Update Tomcat to 2.4.5 (For Linux)Linux
Update Tomcat to 3.0.14 (For Linux)Linux
Vulnerabilities CVE-2015-5346,CVE-2015-5351,CVE-2016-0714,CVE-2016-0706,CVE-2015-5345 are fixed in Apache - tomcat for Linux 9.0.0Linux
Vulnerabilities CVE-2015-5346,CVE-2015-5351,CVE-2016-0706 are fixed in Apache - tomcat for Linux 8.0.31Linux
Vulnerabilities CVE-2015-5351,CVE-2016-0763,CVE-2015-5345 are fixed in Apache - tomcat for Linux 7.0.68Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234