
Apache Tomcat 7.0.x < 7.0.32 CSRF Filter Bypass

High

Synopsis

The remote web server is affected by a security bypass vulnerability.

Description

Versions of Tomcat 7.0.x earlier than 7.0.32 are potentially affected by the following vulnerability:

- An error exists in the file 'filters/CsrfPreventionFilter.java' that can allow cross-site request forgery (CSRF) attacks to bypass the filtering. This can allow access to protected resources without a session identifier.

Solution

Upgrade to Apache Tomcat 7.0.32 or later.
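
The version range above can be checked across an inventory of collected version strings. The following is an added example, not the scanner plugin's own code; the function names, host names and sample strings are constructed for illustration, and the check is version-based only, so a match means "potentially affected" as in the description.

```python
import re

# First fixed release named in the advisory above.
FIXED = (7, 0, 32)

# Matches the "Apache Tomcat/<major>.<minor>.<patch>" form of a version string.
_VERSION_RE = re.compile(r"Apache Tomcat/(\d+)\.(\d+)\.(\d+)")


def classify(banner: str) -> str:
    """Return 'affected', 'fixed', 'other_branch' or 'unknown' for one string."""
    match = _VERSION_RE.search(banner)
    if match is None:
        return "unknown"  # no Tomcat version in the string; check the host by hand
    version = tuple(int(part) for part in match.groups())
    # This advisory covers the 7.0.x branch only; it says nothing about others.
    if version[:2] != FIXED[:2]:
        return "other_branch"
    # Compare numerically: as plain strings, "7.0.4" would sort after "7.0.32".
    return "affected" if version < FIXED else "fixed"


def triage(inventory: dict) -> dict:
    """Group host names by classification, sorted for stable output."""
    groups = {"affected": [], "fixed": [], "other_branch": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        groups[classify(banner)].append(host)
    return groups


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "app01.example.test": "Server version: Apache Tomcat/7.0.30",
    "app02.example.test": "Apache Tomcat/7.0.32",
    "app03.example.test": "Apache Tomcat/7.0.4",
    "app04.example.test": "Apache Tomcat/6.0.35",
    "app05.example.test": "Apache-Coyote/1.1",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` group expose no Tomcat version in the collected string and need the version confirmed on the host itself before they can be ruled in or out.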