Test ID: 1.3.6.1.4.1.25623.1.0.146944
Category: Web Servers
Title: Apache Tomcat Session Fixation Vulnerability (Nov 2012) - Linux
Summary: Apache Tomcat is prone to a session fixation vulnerability.
Description:
Summary:
Apache Tomcat is prone to a session fixation vulnerability.

Vulnerability Insight:
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.

Affected Software/OS:
Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33.

Solution:
Update to version 6.0.37, 7.0.33 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2013-2067
BugTraq ID: 59799
http://www.securityfocus.com/bid/59799
BugTraq ID: 64758
http://www.securityfocus.com/bid/64758
Bugtraq: 20130510 [SECURITY] CVE-2013-2067 Session fixation with FORM authenticator
http://archives.neohapsis.com/archives/bugtraq/2013-05/0041.html
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2013:0833
http://rhn.redhat.com/errata/RHSA-2013-0833.html
RedHat Security Advisories: RHSA-2013:0834
http://rhn.redhat.com/errata/RHSA-2013-0834.html
RedHat Security Advisories: RHSA-2013:0839
http://rhn.redhat.com/errata/RHSA-2013-0839.html
RedHat Security Advisories: RHSA-2013:0964
http://rhn.redhat.com/errata/RHSA-2013-0964.html
RedHat Security Advisories: RHSA-2013:1437
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://www.ubuntu.com/usn/USN-1841-1
Copyright: Copyright (C) 2021 Greenbone Networks GmbH





© 1998-2025 E-Soft Inc. All rights reserved.