Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat@9.0.0.M0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-bhm9-2v2g-aaaq
Aliases: CVE-2015-5351 GHSA-w7cg-5969-678w |
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. |
Affected by 1 other vulnerability. Affected by 61 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-09-17T22:36:41.438803+00:00 | GitLab Importer | Affected by | VCID-bhm9-2v2g-aaaq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2015-5351.yml | 34.0.1 |
| 2024-09-17T22:02:03.808557+00:00 | GHSA Importer | Affected by | VCID-bhm9-2v2g-aaaq | https://github.com/advisories/GHSA-w7cg-5969-678w | 34.0.1 |
| 2024-01-03T17:59:45.263556+00:00 | GitLab Importer | Affected by | VCID-bhm9-2v2g-aaaq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2015-5351.yml | 34.0.0rc1 |
| 2024-01-03T17:36:54.542500+00:00 | GHSA Importer | Affected by | VCID-bhm9-2v2g-aaaq | https://github.com/advisories/GHSA-w7cg-5969-678w | 34.0.0rc1 |