Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability

description-logoDescription

The index page of the Manager and Host Manager applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. If an attacker had access to the Manager or Host Manager applications (typically these applications are only accessible to internal users, not exposed to the Internet), this token could then be used by the attacker to construct a CSRF attack.

affected-products-logoAffected Applications

Apache Tomcat

CVE References

CVE-2015-5351