PublicDateAtUSN: 2016-02-24
Candidate: CVE-2015-5351
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5351
http://seclists.org/bugtraq/2016/Feb/148
https://usn.ubuntu.com/usn/usn-3024-1
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x
before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish
sessions and send CSRF tokens for arbitrary new requests, which allows
remote attackers to bypass a CSRF protection mechanism by using a token.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802312
upstream: http://svn.apache.org/viewvc?view=revision&revision=1720661
upstream: http://svn.apache.org/viewvc?view=revision&revision=1720663
upstream_tomcat7: released (7.0.68-1)
precise_tomcat7: ignored (reached end-of-life)
precise/esm_tomcat7: DNE (precise was needed)
trusty_tomcat7: released (7.0.52-1ubuntu0.6)
vivid/stable-phone-overlay_tomcat7: DNE
vivid/ubuntu-core_tomcat7: DNE
wily_tomcat7: released (7.0.64-1ubuntu0.3)
xenial_tomcat7: not-affected (7.0.68-1)
yakkety_tomcat7: not-affected (7.0.68-1)
zesty_tomcat7: not-affected (7.0.68-1)
artful_tomcat7: not-affected (7.0.68-1)
bionic_tomcat7: not-affected (7.0.68-1)
devel_tomcat7: not-affected (7.0.68-1)
upstream: http://svn.apache.org/viewvc?view=revision&revision=1720661
upstream: http://svn.apache.org/viewvc?view=revision&revision=1720655
upstream_tomcat6: released (6.0.45)
precise_tomcat6: not-affected (code not present)
precise/esm_tomcat6: not-affected (code not present)
trusty_tomcat6: needed
vivid/stable-phone-overlay_tomcat6: DNE
vivid/ubuntu-core_tomcat6: DNE
wily_tomcat6: ignored (reached end-of-life)
xenial_tomcat6: not-affected (6.0.45+dfsg-1)
upstream: http://svn.apache.org/viewvc?view=revision&revision=1720658
upstream: http://svn.apache.org/viewvc?view=revision&revision=1720660
upstream_tomcat8: released (8.0.32-1)
precise/esm_tomcat8: DNE
vivid/stable-phone-overlay_tomcat8: DNE
vivid/ubuntu-core_tomcat8: DNE
wily_tomcat8: ignored (reached end-of-life)
xenial_tomcat8: not-affected (8.0.32-1ubuntu1)
yakkety_tomcat8: not-affected (8.0.32-1ubuntu1)
zesty_tomcat8: not-affected (8.0.32-1ubuntu1)
artful_tomcat8: not-affected (8.0.32-1ubuntu1)
bionic_tomcat8: not-affected (8.0.32-1ubuntu1)
devel_tomcat8: not-affected (8.0.32-1ubuntu1)