
Apache Tomcat Session Fixation Vulnerability (Nov 2012) - Windows CVE-2013-2067

Severity: Not available
CVSSv3 Score: Not available
Vulnerability description

Apache Tomcat is prone to a session fixation vulnerability.

Risk description

The form authentication feature (java/org/apache/catalina/authenticator/FormAuthenticator.java) does not properly handle the relationships between authentication requirements and sessions. This allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack. Successful exploitation will allow attackers to conduct session fixation attacks to hijack the target user's session.

Recommendation

Update to version 6.0.37, 7.0.33 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Jun 1, 2013
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available