icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Apache Tomcat 7.0.x < 7.0.32 CSRF Filter Bypass

High

Synopsis

The remote web server is affected by a security bypass vulnerability

Description

Versions of Tomcat 7.0.x earlier than 7.0.32 are potentially affected by the following vulnerability:

- An error exists in the file 'filters/CsrfPreventionFilter.java' that can allow cross-site request forgery (CSRF) attacks to bypass the filtering. This can allow access to protected resources without a session identifier.

Solution

Upgrade to Apache Tomcat 7.0.32 or later.