Red Hat Security Advisory 2016-2599-02 – Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a newer upstream version: tomcat. Security Fix: A CSRF flaw was found in Tomcat’s the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.