
5 matches found

RedHat Linux
added 2021/03/16 3:17 p.m. | 64 views

tomcat: Session fixation when using FORM authentication

It was found that tomcat's FORM authentication allowed a very small period in which an attacker could possibly force a victim to use a valid user session, or Session Fixation. While practical exploit of this issue is deemed highly improbable, an abundance of caution merits it be considered a flaw...

CVSS 7.5 | AI score 7.1 | EPSS 0.10687
Exploits: 0 | References: 8

RedHat Linux
added 2020/04/21 11:7 a.m. | 2 views

tomcat: Session fixation when using FORM authentication

It was found that tomcat's FORM authentication allowed a very small period in which an attacker could possibly force a victim to use a valid user session, or Session Fixation. While practical exploit of this issue is deemed highly improbable, an abundance of caution merits it be considered a flaw...

CVSS 7.5 | AI score 7.1 | EPSS 0.10687
Exploits: 0 | References: 8

RedHat Linux
added 2020/03/17 1:10 p.m. | 50 views

tomcat: Session fixation when using FORM authentication

It was found that tomcat's FORM authentication allowed a very small period in which an attacker could possibly force a victim to use a valid user session, or Session Fixation. While practical exploit of this issue is deemed highly improbable, an abundance of caution merits it be considered a flaw...

CVSS 7.5 | AI score 7.1 | EPSS 0.10687
Exploits: 0 | References: 8

OSV
added 2013/05/10 12:0 a.m. | 10 views

UBUNTU-CVE-2013-2067

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a...

CVSS 6.8 | AI score 7.3 | EPSS 0.07147
Exploits: 2 | References: 6

RedHat Linux
added 2009/07/06 11:41 a.m. | 4 views

tomcat6 Information disclosure in authentication classes

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the 1...

CVSS 4.3 | AI score 6.1 | EPSS 0.9444
Exploits: 4 | References: 4