Bug 967812 (CVE-2015-5351) - VUL-0: CVE-2015-5351: tomcat: CSRF token leak
Summary: VUL-0: CVE-2015-5351: tomcat: CSRF token leak
Status: RESOLVED FIXED
Alias: CVE-2015-5351
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/162120/
Whiteboard: CVSSv2:RedHat:CVE-2015-5351:4.4:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-02-23 12:04 UTC by Alexander Bergmann
Modified: 2018-08-23 16:07 UTC
CC List: 4 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Description Alexander Bergmann 2016-02-23 12:04:23 UTC
http://seclists.org/bugtraq/2016/Feb/148

CVE-2015-5351 Apache Tomcat CSRF token leak

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat 7.0.1 to 7.0.67
- Apache Tomcat 8.0.0.RC1 to 8.0.31
- Apache Tomcat 9.0.0.M1

Description:
The index page of the Manager and Host Manager applications included a
valid CSRF token when issuing a redirect as a result of an
unauthenticated request to the root of the web application. This token
could then be used by an attacker to construct a CSRF attack.

Mitigation:
Users of affected versions should apply one of the following mitigations:
- Upgrade to Apache Tomcat 9.0.0.M3 or later
  (9.0.0.M2 has the fix but was not released)
- Upgrade to Apache Tomcat 8.0.32 or later
  (8.0.31 has the fix but was not released)
- Upgrade to Apache Tomcat 7.0.68 or later

Credit:
This issue was discovered by the Apache Tomcat security team.

References:
[1] http://tomcat.apache.org/security-9.html
[2] http://tomcat.apache.org/security-8.html
[3] http://tomcat.apache.org/security-7.html


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1311076
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5351
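The advisory above says the Manager index page answered an unauthenticated request with a redirect whose target already carried a valid CSRF token. The following Python check is an added example, not part of the advisory, of Tomcat or of the SUSE update: it parses a recorded HTTP response and reports token-like query parameters in the Location header of a redirect that was issued to a request carrying no credentials, which is how an administrator would confirm whether their own instance exhibits this behaviour. The two sample responses are constructed; the parameter name `org.apache.catalina.filters.CSRF_NONCE` is the request parameter used by Tomcat's CsrfPreventionFilter and is not stated on this page, and the generic markers `nonce` and `token` are an assumption so the check also covers other frameworks.

```python
"""Audit a redirect response for a CSRF token leaked to an unauthenticated client.

Added example; the sample responses below are constructed.
"""
from urllib.parse import parse_qsl, urlsplit

# Substrings that identify a CSRF token/nonce parameter in a query string.
# "csrf" matches Tomcat's CsrfPreventionFilter parameter
# org.apache.catalina.filters.CSRF_NONCE; "nonce" and "token" are generic
# markers added as an assumption to cover other frameworks.
TOKEN_MARKERS = ("csrf", "nonce", "token")

REDIRECT_STATUSES = (301, 302, 303, 307, 308)


def parse_response(raw: str) -> tuple[int, dict[str, str]]:
    """Return (status code, lower-cased header map) from a raw HTTP/1.x response.

    Only the head is examined; a body, if present, is ignored.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers: dict[str, str] = {}
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def leaked_token_params(raw_response: str, authenticated: bool) -> list[str]:
    """Return the names of token-like query parameters in a redirect Location.

    A nonce handed to an authenticated user is that user's own token and is
    expected; only a redirect issued to a request without credentials is
    reported, because that is the condition the advisory describes.
    """
    if authenticated:
        return []
    status, headers = parse_response(raw_response)
    if status not in REDIRECT_STATUSES or "location" not in headers:
        return []
    query = urlsplit(headers["location"]).query
    return [
        name
        for name, _ in parse_qsl(query, keep_blank_values=True)
        if any(marker in name.lower() for marker in TOKEN_MARKERS)
    ]


# Constructed sample: redirect that carries a nonce (the behaviour the
# advisory describes) and one that does not.
LEAKY_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /manager/html?org.apache.catalina.filters.CSRF_NONCE=CONSTRUCTED_NONCE\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
SAFE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /manager/html\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY_RESPONSE), ("safe", SAFE_RESPONSE)):
        found = leaked_token_params(raw, authenticated=False)
        verdict = f"leaks {found}" if found else "no token in redirect"
        print(f"{label}: {verdict}")
```

Run it against the redirect your own instance returns for an unauthenticated `GET` of the Manager root; an empty result for the unauthenticated case, together with a package version at or above the fixed releases listed in the advisory, is what a patched deployment should show.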
Comment 1 Swamp Workflow Management 2016-02-23 23:00:25 UTC
bugbot adjusting priority
Comment 3 Swamp Workflow Management 2016-03-15 14:12:53 UTC
SUSE-SU-2016:0769-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 967812,967814,967815,967964,967965,967966,967967
CVE References: CVE-2015-5174,CVE-2015-5345,CVE-2015-5346,CVE-2015-5351,CVE-2016-0706,CVE-2016-0714,CVE-2016-0763
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    tomcat-8.0.32-3.1
Comment 4 Swamp Workflow Management 2016-03-18 18:13:46 UTC
SUSE-SU-2016:0822-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 967812,967814,967815,967964,967965,967966,967967
CVE References: CVE-2015-5174,CVE-2015-5345,CVE-2015-5346,CVE-2015-5351,CVE-2016-0706,CVE-2016-0714,CVE-2016-0763
Sources used:
SUSE Linux Enterprise Server 12 (src):    tomcat-7.0.68-7.6.1
Comment 5 Swamp Workflow Management 2016-03-23 17:09:57 UTC
openSUSE-SU-2016:0865-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 967812,967814,967815,967964,967965,967966,967967
CVE References: CVE-2015-5174,CVE-2015-5345,CVE-2015-5346,CVE-2015-5351,CVE-2016-0706,CVE-2016-0714,CVE-2016-0763
Sources used:
openSUSE Leap 42.1 (src):    tomcat-8.0.32-5.1
Comment 6 Matei Albu 2016-11-02 12:48:08 UTC
Tomcat was patched. This can be closed.
Comment 7 Marcus Meissner 2016-12-22 13:30:06 UTC
released