Apache : Security Vulnerabilities, CVEs, Published In 2012 (CSRF)
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
Max CVSS
4.3
EPSS Score
0.18%
Published
2012-12-19
Updated
2017-09-19
The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
Max CVSS
6.8
EPSS Score
0.19%
Published
2012-09-05
Updated
2017-08-29
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
Max CVSS
6.8
EPSS Score
0.05%
Published
2012-06-26
Updated
2013-10-04
3 vulnerabilities found