Apache Tomcat Session Fixation Vulnerability - Feb16 (Windows) CVE-2015-5346

Severity

CVSSv3 Score: 8.1

Vulnerability description

Apache Tomcat is prone to a Session Fixation Vulnerability.

Risk description

The flaw exists due to insufficient recycling of the requestedSessionSSL field. Successful exploitation allows remote attackers to hijack web sessions by leveraging the use of a requestedSessionSSL field for an unintended request.

Recommendation

Upgrade to version 7.0.66, 8.0.32, 9.0.0.M3, or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Feb 25, 2016
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available