CVE-2013-2067

Опубликовано: 01 июн. 2013

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 6.8

Описание

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.

Релиз	Статус	Примечание
devel	DNE
esm-apps/xenial	not-affected	6.0.39-1
esm-infra-legacy/trusty	not-affected	6.0.39-1
lucid	released	6.0.24-2ubuntu1.13
precise	released	6.0.35-1ubuntu3.3
precise/esm	not-affected	6.0.35-1ubuntu3.3
quantal	released	6.0.35-5ubuntu0.1
raring	ignored	end of life
saucy	not-affected	6.0.37-1
trusty	not-affected	6.0.39-1

Показывать по

Релиз	Статус	Примечание
devel	not-affected
esm-apps/xenial	not-affected
esm-infra-legacy/trusty	not-affected
lucid	DNE
precise	ignored	end of life
precise/esm	DNE	precise was needed
quantal	released	7.0.30-0ubuntu1.2
raring	not-affected	7.0.35-1~exp2ubuntu1
saucy	not-affected
trusty	not-affected

Показывать по

Ссылки на источники

EPSS

Процентиль: 88%

0.04198

Низкий

6.8 Medium

CVSS2

Связанные уязвимости

CVE-2013-2067

redhat

около 12 лет назад

CVE-2013-2067

nvd

около 12 лет назад

CVE-2013-2067

debian

около 12 лет назад

java/org/apache/catalina/authenticator/FormAuthenticator.java in the f ...

GHSA-6m48-jxwx-76q7

github

около 3 лет назад

Improper Authentication in Apache Tomcat

ELSA-2013-0964

oracle-oval

около 12 лет назад

ELSA-2013-0964: tomcat6 security update (MODERATE)

EPSS

Процентиль: 88%

0.04198

Низкий

6.8 Medium

CVSS2

CVE-2013-2067

Описание

Пакет tomcat6

Пакет tomcat7

Ссылки на источники

Связанные уязвимости