Description

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

Remediation

References

CVE-2012-4431

Related Vulnerabilities

Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4558)

WordPress Plugin SAML SP Single Sign On-SSO login Unspecified Vulnerability (4.8.70)

IBM RTC CVE-2019-4084 Vulnerability (CVE-2019-4084)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-43400)

Oracle JRE CVE-2013-1486 Vulnerability (CVE-2013-1486)

Severity

Medium

Classification

CVE-2012-4431 CWE-264

Tags

Missing Update Known Vulnerabilities