Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2013-0964

Опубликовано: 20 июн. 2013
Источник: oracle-oval
Платформа: Oracle Linux 6

Описание

ELSA-2013-0964: tomcat6 security update (MODERATE)

[0:6.0.24-57]

  • Related: CVE-2013-2067 Session fixation

[0:6.0.24-56]

  • Resolves: CVE-2013-2067 session fixation

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

tomcat6

6.0.24-57.el6_4

tomcat6-admin-webapps

6.0.24-57.el6_4

tomcat6-docs-webapp

6.0.24-57.el6_4

tomcat6-el-2.1-api

6.0.24-57.el6_4

tomcat6-javadoc

6.0.24-57.el6_4

tomcat6-jsp-2.1-api

6.0.24-57.el6_4

tomcat6-lib

6.0.24-57.el6_4

tomcat6-servlet-2.5-api

6.0.24-57.el6_4

tomcat6-webapps

6.0.24-57.el6_4

Oracle Linux i686

tomcat6

6.0.24-57.el6_4

tomcat6-admin-webapps

6.0.24-57.el6_4

tomcat6-docs-webapp

6.0.24-57.el6_4

tomcat6-el-2.1-api

6.0.24-57.el6_4

tomcat6-javadoc

6.0.24-57.el6_4

tomcat6-jsp-2.1-api

6.0.24-57.el6_4

tomcat6-lib

6.0.24-57.el6_4

tomcat6-servlet-2.5-api

6.0.24-57.el6_4

tomcat6-webapps

6.0.24-57.el6_4

Связанные CVE

CVE-2013-2067

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2013-2067

ubuntu
около 12 лет назад

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.

redhat логотип

CVE-2013-2067

redhat
около 12 лет назад

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.

nvd логотип

CVE-2013-2067

nvd
около 12 лет назад

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.

debian логотип

CVE-2013-2067

debian
около 12 лет назад

java/org/apache/catalina/authenticator/FormAuthenticator.java in the f ...

github логотип

GHSA-6m48-jxwx-76q7

github
около 3 лет назад

Improper Authentication in Apache Tomcat