Description

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.

Remediation

References

http://svn.apache.org/viewvc?view=revision&revision=1720663

http://svn.apache.org/viewvc?view=revision&revision=1720652

http://svn.apache.org/viewvc?view=revision&revision=1720655

http://tomcat.apache.org/security-8.html

http://tomcat.apache.org/security-9.html

http://svn.apache.org/viewvc?view=revision&revision=1720658

http://tomcat.apache.org/security-7.html

http://svn.apache.org/viewvc?view=revision&revision=1720660

http://seclists.org/bugtraq/2016/Feb/148

http://svn.apache.org/viewvc?view=revision&revision=1720661

http://www.debian.org/security/2016/dsa-3530

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

http://www.debian.org/security/2016/dsa-3609

http://www.ubuntu.com/usn/USN-3024-1

http://www.debian.org/security/2016/dsa-3552

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.securityfocus.com/bid/83330

https://access.redhat.com/errata/RHSA-2016:1087

http://rhn.redhat.com/errata/RHSA-2016-1089.html

https://access.redhat.com/errata/RHSA-2016:1088

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html

https://bto.bluecoat.com/security-advisory/sa118

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html

http://www.securitytracker.com/id/1035069

http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html

https://security.gentoo.org/glsa/201705-09

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021

http://rhn.redhat.com/errata/RHSA-2016-2808.html

http://rhn.redhat.com/errata/RHSA-2016-2807.html

http://rhn.redhat.com/errata/RHSA-2016-2599.html

https://security.netapp.com/advisory/ntap-20180531-0001/

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

Related Vulnerabilities

CVE-2020-6463 Vulnerability in maven package org.webjars.npm:electron

CVE-2022-36884 Vulnerability in maven package org.jenkins-ci.plugins:git

CVE-2014-3665 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2019-10360 Vulnerability in maven package org.jenkins-ci.plugins.m2release:m2release

CVE-2020-13937 Vulnerability in maven package org.apache.kylin:kylin

Severity

Critical

Classification

CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Vendor Advisory