Source: Red Hat (access.redhat.com)
Advisory: RHSA-2013:0268
Published: 2013-02-19 20:31:14

(RHSA-2013:0268) Moderate: tomcat7 security update

EPSS: 0.002 (Low), percentile 55.0%

Apache Tomcat is a servlet container.

It was found that sending a request without a session identifier to a
protected resource could bypass the Cross-Site Request Forgery (CSRF)
prevention filter. A remote attacker could use this flaw to perform
CSRF attacks against applications that rely on the CSRF prevention filter
and do not contain internal mitigation for CSRF. (CVE-2012-4431)
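The flaw described above is a decision-logic error in the filter rather than a weakness in the nonce itself: a protected request that carries no session identifier falls through the check instead of being rejected. The following toy model, an added illustration that is not Tomcat's CsrfPreventionFilter source and not part of the advisory, puts the flawed decision beside the corrected one so the difference is visible in a unit test. The request-dict field names (`path`, `session_id`, `nonce`), the in-memory session store and the `/public/` entry-point rule are assumptions made for the example.

```python
import secrets

# Constructed in-memory session store: session id -> set of nonces issued to it.
SESSIONS = {}


def new_session():
    """Create a session and return its identifier (constructed, random)."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = set()
    return sid


def issue_nonce(session_id):
    """Mint a per-session CSRF nonce, as a filter would when rendering a page."""
    nonce = secrets.token_hex(16)
    SESSIONS[session_id].add(nonce)
    return nonce


def is_protected(path):
    """Assumed entry-point rule: anything outside /public/ requires a nonce."""
    return not path.startswith("/public/")


def csrf_filter_vulnerable(request):
    """Model of the flawed behaviour (CVE-2012-4431 class of bug).

    Returns True when the request is allowed through. The nonce cache is only
    looked up when a session exists, so a sessionless request to a protected
    resource is never checked at all and is allowed.
    """
    if not is_protected(request["path"]):
        return True
    sid = request.get("session_id")
    if sid is None or sid not in SESSIONS:
        # Defect: no session means no nonce cache, and the check is skipped.
        return True
    return request.get("nonce") in SESSIONS[sid]


def csrf_filter_fixed(request):
    """Corrected decision: a protected request must carry a valid nonce bound
    to an existing session; "no session" is a reject, not a skip."""
    if not is_protected(request["path"]):
        return True
    sid = request.get("session_id")
    if sid is None or sid not in SESSIONS:
        return False
    return request.get("nonce") in SESSIONS[sid]


def compare(request):
    """Run one request through both filters; useful for a regression test."""
    return {
        "vulnerable": csrf_filter_vulnerable(request),
        "fixed": csrf_filter_fixed(request),
    }


if __name__ == "__main__":
    # Constructed sessionless request to a protected path: the flawed filter
    # allows it, the corrected filter rejects it.
    print(compare({"path": "/account/transfer"}))
    sid = new_session()
    nonce = issue_nonce(sid)
    print(compare({"path": "/account/transfer", "session_id": sid, "nonce": nonce}))
```

The only difference between the two functions is the branch taken when no session is present; a regression test that sends a sessionless request to a protected path and expects a rejection is the check that would have caught this class of bug before shipping.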

Warning: Before applying the update, back up your existing JBoss Enterprise
Web Server installation (including all applications and configuration
files).

Users of Tomcat should upgrade to these updated packages, which resolve
this issue. Tomcat must be restarted for this update to take effect.