Apache Tomcat Session Fixation Vulnerability - Dec19 (Windows) CVE-2019-17563

Severity

CVSSv3 Score: 7.5

Vulnerability description

Apache Tomcat is prone to a session fixation vulnerability.

Risk description

When using FORM authentication there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.

Recommendation

Update to version 7.0.99, 8.5.50, 9.0.30 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Dec 23, 2019
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available