Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2015-5346

Опубликовано: 25 фев. 2016
Источник: ubuntu
Приоритет: low
EPSS Средний
CVSS2: 6.8
CVSS3: 8.1

Описание

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.

РелизСтатусПримечание
devel

DNE

esm-apps/xenial

not-affected

esm-infra-legacy/trusty

not-affected

precise

not-affected

precise/esm

not-affected

trusty

not-affected

trusty/esm

not-affected

upstream

not-affected

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

Показывать по

РелизСтатусПримечание
devel

not-affected

7.0.68-1
esm-apps/xenial

not-affected

7.0.68-1
esm-infra-legacy/trusty

not-affected

7.0.52-1ubuntu0.6
precise

ignored

end of life
precise/esm

DNE

precise was needed
trusty

released

7.0.52-1ubuntu0.6
trusty/esm

not-affected

7.0.52-1ubuntu0.6
upstream

released

7.0.68-1
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

Показывать по

РелизСтатусПримечание
devel

not-affected

8.0.32-1ubuntu1
esm-infra-legacy/trusty

DNE

esm-infra/xenial

not-affected

8.0.32-1ubuntu1
precise

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

8.0.30-1
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 95%
0.19184
Средний

6.8 Medium

CVSS2

8.1 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2015-5346

CVSS3: 8.1
redhat
больше 9 лет назад

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.

nvd логотип

CVE-2015-5346

CVSS3: 8.1
nvd
больше 9 лет назад

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.

debian логотип

CVE-2015-5346

CVSS3: 8.1
debian
больше 9 лет назад

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x ...

github логотип

GHSA-jrcp-c39h-r29x

CVSS3: 8.1
github
около 3 лет назад

Improper Neutralization of Input During Web Page Generation in Apache Tomcat

fstec логотип

BDU:2016-00612

fstec
больше 9 лет назад

Уязвимость сервера приложений Apache Tomcat, позволяющая нарушителю получить доступ к веб-сессиям

EPSS

Процентиль: 95%
0.19184
Средний

6.8 Medium

CVSS2

8.1 High

CVSS3

Уязвимость CVE-2015-5346