CVE-2012-4431Cross-Site Request Forgery in Apache Tomcat

CWE-264CWE-352Cross-Site Request Forgery11 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
9.8%
top 7.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Tomcat
Timeline
PublishedDec 19
Latest updateMay 17

Description

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDapache/tomcat59 versions+58

Patches

Patch: svn.apache.orgPatch: svn.apache.orgPatch: svn.apache.org

🔴Vulnerability Details

3
GHSA
Cross-Site Request Forgery in Apache Tomcat2022-05-17
OSV
Cross-Site Request Forgery in Apache Tomcat2022-05-17
CVEList
CVE-2012-4431: org/apache/catalina/filters/CsrfPreventionFilter2012-12-19

📋Vendor Advisories

2
Ubuntu
Tomcat vulnerabilities2013-01-14
Red Hat
Tomcat/JBoss Web - Bypass of CSRF prevention filter2012-12-04

💬Community

5
Bugzilla
CVE-2012-4431 Tomcat/JBoss Web - Bypass of CSRF prevention filter [fedora-all]2013-03-14
Bugzilla
CVE-2012-4431 Tomcat/JBoss Web - Bypass of CSRF prevention filter [fedora-all]2013-03-14
Bugzilla
CVE-2012-4431 Tomcat/JBoss Web - Bypass of CSRF prevention filter [fedora-all]2012-12-05
Bugzilla
CVE-2012-4431 Tomcat/JBoss Web - Bypass of CSRF prevention filter [fedora-all]2012-12-05
Bugzilla
CVE-2012-4431 Tomcat/JBoss Web - Bypass of CSRF prevention filter2012-12-05
CVE-2012-4431 — Cross-Site Request Forgery in Apache | cvebase