CVE-2012-4431
CVE-2012-4431
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/bugtraq/2012-12/0045.htmlhttp://lists.opensuse.org/opensuse-updates/2012-12/msg00089.htmlhttp://lists.opensuse.org/opensuse-updates/2012-12/msg00090.htmlhttp://lists.opensuse.org/opensuse-updates/2013-01/msg00037.htmlhttp://lists.opensuse.org/opensuse-updates/2013-01/msg00051.htmlhttp://lists.opensuse.org/opensuse-updates/2013-01/msg00080.htmlhttp://marc.info/?l=bugtraq&m=136612293908376&w=2http://marc.info/?l=bugtraq&m=139344343412337&w=2http://rhn.redhat.com/errata/RHSA-2013-0267.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0268.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0647.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0648.html