Apache Tomcat 7.0.x < 7.0.32 CSRF Filter Bypass
Severity: Medium. Nessus Network Monitor Plugin ID 6644

Synopsis: The remote web server is affected by a security bypass vulnerability.

Description: Versions of Tomcat 7.0.x earlier than 7.0.32 are potentially affected by the following vulnerability:

- An error exists in the file 'filters/CsrfPreventionFilter.java' that can allow cross-site request forgery (CSRF) attacks to bypass the filtering. This can allow access to protected resources without a session identifier.

Solution: Upgrade to Apache Tomcat 7.0.32 or later.