CVE-2012-4431
SUSE Linux Enterprise Server 11 SP2,SUSE Linux Enterprise Server 11 SP2 for VMware,SUSE Manager 1.2 for SLE 11 SP1
CVE-2012-4431, security advisory, novell, suse linux, suse, security, cve

CVE-2012-4431

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-4431 at MITRE

Description

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.30
Vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entries: 793391 [RESOLVED / FIXED], 794548 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP2
  • tomcat6 >= 6.0.18-20.35.40.1
  • tomcat6-admin-webapps >= 6.0.18-20.35.40.1
  • tomcat6-docs-webapp >= 6.0.18-20.35.40.1
  • tomcat6-javadoc >= 6.0.18-20.35.40.1
  • tomcat6-jsp-2_1-api >= 6.0.18-20.35.40.1
  • tomcat6-lib >= 6.0.18-20.35.40.1
  • tomcat6-servlet-2_5-api >= 6.0.18-20.35.40.1
  • tomcat6-webapps >= 6.0.18-20.35.40.1
Patchnames:
slessp2-tomcat6
SUSE Linux Enterprise Server for VMWare 11 SP2
  • tomcat6 >= 6.0.18-20.35.40.1
  • tomcat6-admin-webapps >= 6.0.18-20.35.40.1
  • tomcat6-docs-webapp >= 6.0.18-20.35.40.1
  • tomcat6-javadoc >= 6.0.18-20.35.40.1
  • tomcat6-jsp-2_1-api >= 6.0.18-20.35.40.1
  • tomcat6-lib >= 6.0.18-20.35.40.1
  • tomcat6-servlet-2_5-api >= 6.0.18-20.35.40.1
  • tomcat6-webapps >= 6.0.18-20.35.40.1
Patchnames:
slessp2-tomcat6
SUSE Manager 1.2 for SLE 11 SP1
  • tomcat6 >= 6.0.18-20.35.40.1
  • tomcat6-jsp-2_1-api >= 6.0.18-20.35.40.1
  • tomcat6-lib >= 6.0.18-20.35.40.1
  • tomcat6-servlet-2_5-api >= 6.0.18-20.35.40.1
Builds
SAT Patch Nr: 7209
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • tomcat6 >= 6.0.18-20.35.40.1
  • tomcat6-admin-webapps >= 6.0.18-20.35.40.1
  • tomcat6-docs-webapp >= 6.0.18-20.35.40.1
  • tomcat6-javadoc >= 6.0.18-20.35.40.1
  • tomcat6-jsp-2_1-api >= 6.0.18-20.35.40.1
  • tomcat6-lib >= 6.0.18-20.35.40.1
  • tomcat6-servlet-2_5-api >= 6.0.18-20.35.40.1
  • tomcat6-webapps >= 6.0.18-20.35.40.1
Builds
SAT Patch Nr: 7208
openSUSE Evergreen 11.4
  • tomcat6 >= 6.0.32-38.1
  • tomcat6-admin-webapps >= 6.0.32-38.1
  • tomcat6-docs-webapp >= 6.0.32-38.1
  • tomcat6-el-1_0-api >= 6.0.32-38.1
  • tomcat6-javadoc >= 6.0.32-38.1
  • tomcat6-jsp-2_1-api >= 6.0.32-38.1
  • tomcat6-lib >= 6.0.32-38.1
  • tomcat6-servlet-2_5-api >= 6.0.32-38.1
  • tomcat6-webapps >= 6.0.32-38.1
Patchnames:
2012-24
2013-11