Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2015-5351

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.

  • Published: Feb 25, 2016
  • Updated: Apr 13, 2023
  • CVE: CVE-2015-5351
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
apache / tomcat 7.0.2-beta 7.0.2-beta.x
apache / tomcat 8.0.30 8.0.30.x
apache / tomcat 7.0.12 7.0.12.x
apache / tomcat 7.0.62 7.0.62.x
apache / tomcat 8.0.17 8.0.17.x
apache / tomcat 7.0.53 7.0.53.x
apache / tomcat 7.0.20 7.0.20.x
apache / tomcat 7.0.34 7.0.34.x
apache / tomcat 8.0.26 8.0.26.x
apache / tomcat 7.0.55 7.0.55.x
apache / tomcat 7.0.4-beta 7.0.4-beta.x
apache / tomcat 7.0.63 7.0.63.x
apache / tomcat 8.0.20 8.0.20.x
apache / tomcat 7.0.22 7.0.22.x
apache / tomcat 7.0.39 7.0.39.x
apache / tomcat 7.0.26 7.0.26.x
apache / tomcat 7.0.28 7.0.28.x
apache / tomcat 8.0.1 8.0.1.x
apache / tomcat 8.0.0-rc3 8.0.0-rc3.x
apache / tomcat 7.0.59 7.0.59.x
apache / tomcat 7.0.65 7.0.65.x
apache / tomcat 7.0.50 7.0.50.x
apache / tomcat 7.0.6 7.0.6.x
apache / tomcat 8.0.12 8.0.12.x
apache / tomcat 7.0.14 7.0.14.x
apache / tomcat 8.0.27 8.0.27.x
apache / tomcat 8.0.15 8.0.15.x
apache / tomcat 7.0.11 7.0.11.x
apache / tomcat 7.0.67 7.0.67.x
apache / tomcat 8.0.0-rc1 8.0.0-rc1.x
apache / tomcat 7.0.23 7.0.23.x
apache / tomcat 7.0.0-beta 7.0.0-beta.x
apache / tomcat 8.0.22 8.0.22.x
apache / tomcat 8.0.29 8.0.29.x
apache / tomcat 7.0.52 7.0.52.x
apache / tomcat 7.0.42 7.0.42.x
apache / tomcat 7.0.37 7.0.37.x
apache / tomcat 7.0.29 7.0.29.x
apache / tomcat 8.0.11 8.0.11.x
apache / tomcat 8.0.24 8.0.24.x
apache / tomcat 8.0.0-rc10 8.0.0-rc10.x
apache / tomcat 8.0.23 8.0.23.x
apache / tomcat 7.0.47 7.0.47.x
apache / tomcat 7.0.5-beta 7.0.5-beta.x
apache / tomcat 8.0.21 8.0.21.x
apache / tomcat 7.0.41 7.0.41.x
apache / tomcat 7.0.30 7.0.30.x
apache / tomcat 7.0.19 7.0.19.x
apache / tomcat 7.0.16 7.0.16.x
apache / tomcat 7.0.10 7.0.10.x
apache / tomcat 8.0.18 8.0.18.x
apache / tomcat 7.0.25 7.0.25.x
apache / tomcat 7.0.54 7.0.54.x
apache / tomcat 7.0.35 7.0.35.x
apache / tomcat 7.0.61 7.0.61.x
apache / tomcat 8.0.3 8.0.3.x
apache / tomcat 7.0.57 7.0.57.x
apache / tomcat 8.0.14 8.0.14.x
apache / tomcat 8.0.0-rc5 8.0.0-rc5.x
apache / tomcat 7.0.32 7.0.32.x
apache / tomcat 7.0.21 7.0.21.x
apache / tomcat 7.0.27 7.0.27.x
apache / tomcat 7.0.40 7.0.40.x
apache / tomcat 7.0.56 7.0.56.x
apache / tomcat 8.0.28 8.0.28.x
apache / tomcat 7.0.64 7.0.64.x
apache / tomcat 7.0.33 7.0.33.x
debian / debian_linux 8.0 8.0.x
debian / debian_linux 7.0 7.0.x
canonical / ubuntu_linux 12.04 12.04.x
canonical / ubuntu_linux 16.04 16.04.x
canonical / ubuntu_linux 15.10 15.10.x
canonical / ubuntu_linux 14.04 14.04.x
apache / tomcat 9.0.0-milestone1 9.0.0-milestone1.x