CVE-2012-4431

Common Vulnerabilities and Exposures

Upstream information

CVE-2012-4431 at MITRE

Description

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entry: 793391, 794548

SUSE Security Advisories:

openSUSE-SU-2012:1700-1, published Thu, 27 Dec 2012 17:08:34 +0100 (CET)
openSUSE-SU-2012:1701-1, published Thu, 27 Dec 2012 17:09:46 +0100 (CET)
openSUSE-SU-2013:0147-1, published Wed, 23 Jan 2013 14:05:42 +0100 (CET)
openSUSE-SU-2013:0161-1, published Wed, 23 Jan 2013 14:06:32 +0100 (CET)
openSUSE-SU-2013:0192-1, published Wed, 23 Jan 2013 20:04:50 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Manager 1.2 for SLE 11 SP1	`tomcat6 >= 6.0.18-20.35.40.1` `tomcat6-jsp-2_1-api >= 6.0.18-20.35.40.1` `tomcat6-lib >= 6.0.18-20.35.40.1` `tomcat6-servlet-2_5-api >= 6.0.18-20.35.40.1`	Builds SAT Patch Nr: 7209
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	`tomcat6 >= 6.0.18-20.35.40.1` `tomcat6-admin-webapps >= 6.0.18-20.35.40.1` `tomcat6-docs-webapp >= 6.0.18-20.35.40.1` `tomcat6-javadoc >= 6.0.18-20.35.40.1` `tomcat6-jsp-2_1-api >= 6.0.18-20.35.40.1` `tomcat6-lib >= 6.0.18-20.35.40.1` `tomcat6-servlet-2_5-api >= 6.0.18-20.35.40.1` `tomcat6-webapps >= 6.0.18-20.35.40.1`	Builds SAT Patch Nr: 7208

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy