The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.0.39-1ubuntu0.1", "binary_name": "libservlet2.4-java" }, { "binary_version": "6.0.39-1ubuntu0.1", "binary_name": "libservlet2.5-java" }, { "binary_version": "6.0.39-1ubuntu0.1", "binary_name": "libservlet2.5-java-doc" }, { "binary_version": "6.0.39-1ubuntu0.1", "binary_name": "libtomcat6-java" }, { "binary_version": "6.0.39-1ubuntu0.1", "binary_name": "tomcat6" }, { "binary_version": "6.0.39-1ubuntu0.1", "binary_name": "tomcat6-admin" }, { "binary_version": "6.0.39-1ubuntu0.1", "binary_name": "tomcat6-common" }, { "binary_version": "6.0.39-1ubuntu0.1", "binary_name": "tomcat6-docs" }, { "binary_version": "6.0.39-1ubuntu0.1", "binary_name": "tomcat6-examples" }, { "binary_version": "6.0.39-1ubuntu0.1", "binary_name": "tomcat6-extras" }, { "binary_version": "6.0.39-1ubuntu0.1", "binary_name": "tomcat6-user" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "7.0.52-1ubuntu0.6", "binary_name": "libservlet3.0-java" }, { "binary_version": "7.0.52-1ubuntu0.6", "binary_name": "libservlet3.0-java-doc" }, { "binary_version": "7.0.52-1ubuntu0.6", "binary_name": "libtomcat7-java" }, { "binary_version": "7.0.52-1ubuntu0.6", "binary_name": "tomcat7" }, { "binary_version": "7.0.52-1ubuntu0.6", "binary_name": "tomcat7-admin" }, { "binary_version": "7.0.52-1ubuntu0.6", "binary_name": "tomcat7-common" }, { "binary_version": "7.0.52-1ubuntu0.6", "binary_name": "tomcat7-docs" }, { "binary_version": "7.0.52-1ubuntu0.6", "binary_name": "tomcat7-examples" }, { "binary_version": "7.0.52-1ubuntu0.6", "binary_name": "tomcat7-user" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "7.0.68-1", "binary_name": "libservlet3.0-java" }, { "binary_version": "7.0.68-1", "binary_name": "libservlet3.0-java-doc" }, { "binary_version": "7.0.68-1", "binary_name": "libtomcat7-java" }, { "binary_version": "7.0.68-1", "binary_name": "tomcat7" }, { "binary_version": "7.0.68-1", "binary_name": "tomcat7-admin" }, { "binary_version": "7.0.68-1", "binary_name": "tomcat7-common" }, { "binary_version": "7.0.68-1", "binary_name": "tomcat7-docs" }, { "binary_version": "7.0.68-1", "binary_name": "tomcat7-examples" }, { "binary_version": "7.0.68-1", "binary_name": "tomcat7-user" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "8.0.32-1ubuntu1", "binary_name": "libservlet3.1-java" }, { "binary_version": "8.0.32-1ubuntu1", "binary_name": "libservlet3.1-java-doc" }, { "binary_version": "8.0.32-1ubuntu1", "binary_name": "libtomcat8-java" }, { "binary_version": "8.0.32-1ubuntu1", "binary_name": "tomcat8" }, { "binary_version": "8.0.32-1ubuntu1", "binary_name": "tomcat8-admin" }, { "binary_version": "8.0.32-1ubuntu1", "binary_name": "tomcat8-common" }, { "binary_version": "8.0.32-1ubuntu1", "binary_name": "tomcat8-docs" }, { "binary_version": "8.0.32-1ubuntu1", "binary_name": "tomcat8-examples" }, { "binary_version": "8.0.32-1ubuntu1", "binary_name": "tomcat8-user" } ] }