6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
84.8%
CentOS Errata and Security Advisory CESA-2013:0964
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A session fixation flaw was found in the Tomcat FormAuthenticator module.
During a narrow window of time, if a remote attacker sent requests while a
user was logging in, it could possibly result in the attackerโs requests
being processed as if they were sent by the user. (CVE-2013-2067)
Users of Tomcat are advised to upgrade to these updated packages, which
correct this issue. Tomcat must be restarted for this update to take
effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-June/081963.html
Affected packages:
tomcat6
tomcat6-admin-webapps
tomcat6-docs-webapp
tomcat6-el-2.1-api
tomcat6-javadoc
tomcat6-jsp-2.1-api
tomcat6-lib
tomcat6-servlet-2.5-api
tomcat6-webapps
Upstream details at:
https://access.redhat.com/errata/RHSA-2013:0964
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | noarch | tomcat6 | <ย 6.0.24-57.el6_4 | tomcat6-6.0.24-57.el6_4.noarch.rpm |
CentOS | 6 | noarch | tomcat6-admin-webapps | <ย 6.0.24-57.el6_4 | tomcat6-admin-webapps-6.0.24-57.el6_4.noarch.rpm |
CentOS | 6 | noarch | tomcat6-docs-webapp | <ย 6.0.24-57.el6_4 | tomcat6-docs-webapp-6.0.24-57.el6_4.noarch.rpm |
CentOS | 6 | noarch | tomcat6-el-2.1-api | <ย 6.0.24-57.el6_4 | tomcat6-el-2.1-api-6.0.24-57.el6_4.noarch.rpm |
CentOS | 6 | noarch | tomcat6-javadoc | <ย 6.0.24-57.el6_4 | tomcat6-javadoc-6.0.24-57.el6_4.noarch.rpm |
CentOS | 6 | noarch | tomcat6-jsp-2.1-api | <ย 6.0.24-57.el6_4 | tomcat6-jsp-2.1-api-6.0.24-57.el6_4.noarch.rpm |
CentOS | 6 | noarch | tomcat6-lib | <ย 6.0.24-57.el6_4 | tomcat6-lib-6.0.24-57.el6_4.noarch.rpm |
CentOS | 6 | noarch | tomcat6-servlet-2.5-api | <ย 6.0.24-57.el6_4 | tomcat6-servlet-2.5-api-6.0.24-57.el6_4.noarch.rpm |
CentOS | 6 | noarch | tomcat6-webapps | <ย 6.0.24-57.el6_4 | tomcat6-webapps-6.0.24-57.el6_4.noarch.rpm |
CentOS | 6 | noarch | tomcat6 | <ย 6.0.24-57.el6_4 | tomcat6-6.0.24-57.el6_4.noarch.rpm |