Lucene search

K
osvGoogleOSV:GHSA-JRCP-C39H-R29X
HistoryMay 14, 2022 - 3:13 a.m.

Improper Neutralization of Input During Web Page Generation in Apache Tomcat

2022-05-1403:13:01
Google
osv.dev
17
session fixation vulnerability
apache tomcat
coyoteadapter.java
request.java
remote attackers
web sessions
software
multiple versions

EPSS

0.009

Percentile

83.2%

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.

References