This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote Apache Tomcat service may be affected by a security bypass
According to its self-reported version number, the instance of Apache
Tomcat 7.0 listening on the remote host is earlier than Tomcat 7.0.32
and, therefore, may be affected by a security bypass vulnerability.
An error exists in the file 'filters/CsrfPreventionFilter.java' that
can allow cross-site request forgery (CSRF) attacks to bypass the
filtering. This can allow access to protected resources without a
Note that Nessus did not actually test for the flaw but instead has
relied on the version in Tomcat's banner or error page, so these may be
See also :
Update Apache Tomcat to version 7.0.32 or later.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true