CVE-2014-0033

🗓️ 26 Feb 2014 11:00:00Reported by redhatType

org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL

Reporter	Title	Published	Views	Family All 51
IBM Security Bulletins	Security Bulletin: Apache Tomcat and FileUpload Vulnerabilities in IBM UrbanCode Release (CVE-2014-0050, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)	17 Jun 201822:31	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Tomcat security vulnerability issues on IBM Storwize V7000 Unified system (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)	18 Jun 201800:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	16 Jun 202221:33	–	ibm
IBM Security Bulletins	Security Bulletin: The IBM V840 product model number AE1 node is affected by vulnerabilities in Apache Tomcat	18 Jun 201800:08	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Lifecycle Adapter for HP ALM Apache Tomcat fix (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590, CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)	17 Jun 201804:55	–	ibm
IBM Security Bulletins	Security Bulletin: The IBM FlashSystem 840 product is affected by vulnerabilities in Apache Tomcat	18 Feb 202301:45	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Apache Tomcat for WebSphere Application Server Community Edition 2.1.1.6 and 3.0.0.4(CVE-2013-4286,CVE-2012-3544,CVE-2013-4322,CVE-2013-4590,CVE-2014-0033)	15 Jun 201807:01	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Tomcat and FileUpload Vulnerabilities in IBM UrbanCode Deploy (CVE-2014-0050, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)	17 Jun 201822:31	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Apache Tomcat vulnerabilities in IBM Algo Audit and Compliance (CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033)	15 Jun 201822:31	–	ibm
Cvelist	CVE-2014-0033	26 Feb 201411:00	–	cvelist

NVD

Node

apache tomcatMatch6.0.33

apache tomcatMatch6.0.34

apache tomcatMatch6.0.35

apache tomcatMatch6.0.36

apache tomcatMatch6.0.37

Source	Link
www-01	www.www-01.ibm.com/support/docview.wss
lists	www.lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
svn	www.svn.apache.org/viewvc
ubuntu	www.ubuntu.com/usn/USN-2130-1
vmware	www.vmware.com/security/advisories/VMSA-2014-0012.html
www-01	www.www-01.ibm.com/support/docview.wss
tomcat	www.tomcat.apache.org/security-6.html
secunia	www.secunia.com/advisories/59873
lists	www.lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

29 Apr 2026 01:13Current

8.1High risk

Vulners AI Score8.1

CVSS 24.3

EPSS0.16231

CWE-20