CVE-2015-5351

Published: Feb 25, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.

Affected (74)

Products: Apache: Tomcat · Debian: Debian Linux · Canonical: Ubuntu Linux

1 product

1 product

1 product

Configuration A

68 vulnerable

Vulnerable Software	Affected Versions
Apache Tomcat	Version 7.0.0 beta
Apache Tomcat	Version 7.0.10
Apache Tomcat	Version 7.0.11
Apache Tomcat	Version 7.0.12
Apache Tomcat	Version 7.0.14
Apache Tomcat	Version 7.0.16
Apache Tomcat	Version 7.0.19
Apache Tomcat	Version 7.0.20
Apache Tomcat	Version 7.0.21
Apache Tomcat	Version 7.0.22
Apache Tomcat	Version 7.0.23
Apache Tomcat	Version 7.0.25
Apache Tomcat	Version 7.0.26
Apache Tomcat	Version 7.0.27
Apache Tomcat	Version 7.0.28
Apache Tomcat	Version 7.0.29
Apache Tomcat	Version 7.0.2 beta
Apache Tomcat	Version 7.0.30
Apache Tomcat	Version 7.0.32
Apache Tomcat	Version 7.0.33
Apache Tomcat	Version 7.0.34
Apache Tomcat	Version 7.0.35
Apache Tomcat	Version 7.0.37
Apache Tomcat	Version 7.0.39
Apache Tomcat	Version 7.0.40
Apache Tomcat	Version 7.0.41
Apache Tomcat	Version 7.0.42
Apache Tomcat	Version 7.0.47
Apache Tomcat	Version 7.0.4 beta
Apache Tomcat	Version 7.0.50
Apache Tomcat	Version 7.0.52
Apache Tomcat	Version 7.0.53
Apache Tomcat	Version 7.0.54
Apache Tomcat	Version 7.0.55
Apache Tomcat	Version 7.0.56
Apache Tomcat	Version 7.0.57
Apache Tomcat	Version 7.0.59
Apache Tomcat	Version 7.0.5 beta
Apache Tomcat	Version 7.0.61
Apache Tomcat	Version 7.0.62
Apache Tomcat	Version 7.0.63
Apache Tomcat	Version 7.0.64
Apache Tomcat	Version 7.0.65
Apache Tomcat	Version 7.0.67
Apache Tomcat	Version 7.0.6
Apache Tomcat	Version 8.0.0 rc10
Apache Tomcat	Version 8.0.0 rc1
Apache Tomcat	Version 8.0.0 rc3
Apache Tomcat	Version 8.0.0 rc5
Apache Tomcat	Version 8.0.11
Apache Tomcat	Version 8.0.12
Apache Tomcat	Version 8.0.14
Apache Tomcat	Version 8.0.15
Apache Tomcat	Version 8.0.17
Apache Tomcat	Version 8.0.18
Apache Tomcat	Version 8.0.1
Apache Tomcat	Version 8.0.20
Apache Tomcat	Version 8.0.21
Apache Tomcat	Version 8.0.22
Apache Tomcat	Version 8.0.23
Apache Tomcat	Version 8.0.24
Apache Tomcat	Version 8.0.26
Apache Tomcat	Version 8.0.27
Apache Tomcat	Version 8.0.28
Apache Tomcat	Version 8.0.29
Apache Tomcat	Version 8.0.30
Apache Tomcat	Version 8.0.3
Apache Tomcat	Version 9.0.0 milestone1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.10
Canonical Ubuntu Linux	Version 16.04

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (72)

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html

Source: secalert@redhat.com

http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-1089.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-2599.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-2807.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-2808.html

Source: secalert@redhat.com

http://seclists.org/bugtraq/2016/Feb/148

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1720652

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1720655

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1720658

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1720660

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1720661

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1720663

Source: secalert@redhat.com

http://tomcat.apache.org/security-7.html

Source: secalert@redhat.com

Vendor Advisory

http://tomcat.apache.org/security-8.html

Source: secalert@redhat.com

Vendor Advisory

http://tomcat.apache.org/security-9.html

Source: secalert@redhat.com

Vendor Advisory

http://www.debian.org/security/2016/dsa-3530

Source: secalert@redhat.com

http://www.debian.org/security/2016/dsa-3552

Source: secalert@redhat.com

http://www.debian.org/security/2016/dsa-3609

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/83330

Source: secalert@redhat.com

http://www.securitytracker.com/id/1035069

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-3024-1

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2016:1087

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2016:1088

Source: secalert@redhat.com

https://bto.bluecoat.com/security-advisory/sa118

Source: secalert@redhat.com

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

Source: secalert@redhat.com

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201705-09

Source: secalert@redhat.com

https://security.netapp.com/advisory/ntap-20180531-0001/

Source: secalert@redhat.com

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html