Description
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.