Lucene search

K

[email protected]CVE-2013-2067

HistoryJun 01, 2013 - 2:21 p.m.

CVE-2013-2067

2013-06-0114:21:00

CWE-287

[email protected]

web.nvd.nist.gov

61

4

apache tomcat

form authentication

session handling

remote code execution

nvd

cve-2013-2067

6.4 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

84.8%

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.

CPENameOperatorVersion
apache:tomcatapache tomcateq6.0.33
apache:tomcatapache tomcateq6.0.21
apache:tomcatapache tomcateq6.0.31
apache:tomcatapache tomcateq6.0.29
apache:tomcatapache tomcateq6.0.24
apache:tomcatapache tomcateq6.0.32
apache:tomcatapache tomcateq6.0.28
apache:tomcatapache tomcateq6.0.30
apache:tomcatapache tomcateq6.0.26
apache:tomcatapache tomcateq6.0.27

Rows per page:

1-10 of 401

References

archives.neohapsis.com/archives/bugtraq/2013-05/0041.html

rhn.redhat.com/errata/RHSA-2013-0833.html

rhn.redhat.com/errata/RHSA-2013-0834.html

rhn.redhat.com/errata/RHSA-2013-0839.html

rhn.redhat.com/errata/RHSA-2013-0964.html

rhn.redhat.com/errata/RHSA-2013-1437.html

svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1417891&r2=1417890&pathrev=1417891

svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1408044&r2=1408043&pathrev=1408044

svn.apache.org/viewvc?view=revision&revision=1408044

svn.apache.org/viewvc?view=revision&revision=1417891

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

www.securityfocus.com/bid/59799

www.securityfocus.com/bid/64758

www.ubuntu.com/usn/USN-1841-1

lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

Social References

More

6.4 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

84.8%

Related for CVE-2013-2067

nessus22 securityvulns5 seebug2 github1 openvas16 veracode1 tomcat2 redhat6 oraclelinux1 osv3 prion1 debiancve1 ubuntucve1 centos1 atlassian5 ubuntu1 mageia1 debian2 f51 gentoo1 ibm2 oracle2