Apache Tomcat XSRF Token Disclosure

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Apache Tomcat server is affected by an information
disclosure vulnerability.

Description :

The remote Apache Tomcat web server is affected by an information
disclosure vulnerability in the index page of the Manager and Host
Manager applications. An unauthenticated, remote attacker can exploit
this vulnerability to obtain a valid cross-site request forgery (XSRF)
token during the redirect issued when requesting /manager/ or
/host-manager/. This token can be utilized by an attacker to construct
an XSRF attack.

Note that there are reportedly several additional vulnerabilities;
however, Nessus has not tested for these.

See also :

http://seclists.org/bugtraq/2016/Feb/148
http://www.nessus.org/u?77a5c04a
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.32
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.68

Solution :

Upgrade to Apache Tomcat version 7.0.68 / 8.0.32 / 9.0.0.M3 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 90318 ()

Bugtraq ID: 83330

CVE ID: CVE-2015-5351

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now