Description
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.
Remediation
References