CVE-2015-5351

Priority
Description
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x
before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish
sessions and send CSRF tokens for arbitrary new requests, which allows
remote attackers to bypass a CSRF protection mechanism by using a token.
Notes
Package
Upstream: released (6.0.45)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr): released (6.0.39-1ubuntu0.1)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (6.0.45+dfsg-1)
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1720661
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1720655
Package
Upstream: released (7.0.68-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): released (7.0.52-1ubuntu0.6)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (7.0.68-1)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (7.0.68-1)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1720661
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1720663
Package
Upstream: released (8.0.32-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (8.0.32-1ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (8.0.32-1ubuntu1)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1720658
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1720660

Updated: 2020-05-07 18:37:07 UTC (commit 3db3e0dddc92f0ed79599b5949ba82bc7a3031ed)