Description

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

Remediation

References

CVE-2012-4431

Related Vulnerabilities

WordPress Plugin Simple Ajax Shoutbox SQL Injection (2.2.1)

WordPress Plugin WP AmASIN-The Amazon Affiliate Shop Directory Traversal (0.9.6)

WordPress Plugin Autoptimize Multiple Vulnerabilities (2.7.6)

Envoy Proxy Incorrect Authorization Vulnerability (CVE-2021-32777)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42111)

Severity

Medium

Classification

CVE-2012-4431 CWE-264

Tags

Missing Update Known Vulnerabilities