Release date: 2012-4 4
Updated on: 2012-12-06
Affected Systems:
Apache Group Tomcat 7.0.0-7.0.29
Apache Group Tomcat 6.0.0-6.0.35
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56814
CVE (CAN) ID: CVE-2012-4431
Apache Tomcat is a popular open source JSP application server program.
A cross-site request forgery (CSRF) vulnerability exists in Tomcat v7.0.31 and versions earlier than 6.0.35. A remote attacker can exploit it to perform operations in affected applications with the permissions of the current user.
<* Source: Tomcat Security Team
Link: http://www.securitytracker.com/id/1027834
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download a later version from the vendor's homepage.
Reference link:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html