Lucene search
+L

246 matches found

Veracode
Veracode
added 2020/08/18 2:3 a.m.20 views

Session Fixation

wildfly-elytron is vulnerable to session fixation. The vulnerability exists when using FORM authentication...

7.5CVSS2AI score0.01454EPSS
Exploits0References25Affected Software29
RedHat Linux
RedHat Linux
added 2020/08/17 1:28 p.m.10 views

wildfly-elytron: session fixation when using FORM authentication

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as...

7.5CVSS5.7AI score0.01454EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/17 1:28 p.m.2 views

wildfly-elytron: session fixation when using FORM authentication

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as...

7.5CVSS5.7AI score0.01454EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/17 1:28 p.m.3 views

wildfly-elytron: session fixation when using FORM authentication

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as...

7.5CVSS5.7AI score0.01454EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/17 1:25 p.m.4 views

wildfly-elytron: session fixation when using FORM authentication

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as...

7.5CVSS5.7AI score0.01454EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/21 11:7 a.m.4 views

tomcat: Session fixation when using FORM authentication

It was found that tomcat's FORM authentication allowed a very small period in which an attacker could possibly force a victim to use a valid user session, or Session Fixation. While practical exploit of this issue is deemed highly improbable, an abundance of caution merits it be considered a flaw...

7.5CVSS7.1AI score0.10687EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2020/04/21 10:55 a.m.3 views

tomcat: Session fixation when using FORM authentication

It was found that tomcat's FORM authentication allowed a very small period in which an attacker could possibly force a victim to use a valid user session, or Session Fixation. While practical exploit of this issue is deemed highly improbable, an abundance of caution merits it be considered a flaw...

7.5CVSS7.1AI score0.10687EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2020/04/15 12:0 a.m.93 views

EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2020-1438)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections ...

9.8CVSS8.2AI score0.9927EPSS
Exploits46References4
Tenable Nessus
Tenable Nessus
added 2020/03/18 12:0 a.m.60 views

RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 8 (RHSA-2020:0861)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0861 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...

9.8CVSS7.2AI score0.9927EPSS
Exploits49References11
RedHat Linux
RedHat Linux
added 2020/03/17 1:13 p.m.11 views

tomcat: Session fixation when using FORM authentication

It was found that tomcat's FORM authentication allowed a very small period in which an attacker could possibly force a victim to use a valid user session, or Session Fixation. While practical exploit of this issue is deemed highly improbable, an abundance of caution merits it be considered a flaw...

7.5CVSS7.1AI score0.10687EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2020/03/17 1:10 p.m.53 views

tomcat: Session fixation when using FORM authentication

It was found that tomcat's FORM authentication allowed a very small period in which an attacker could possibly force a victim to use a valid user session, or Session Fixation. While practical exploit of this issue is deemed highly improbable, an abundance of caution merits it be considered a flaw...

7.5CVSS7.1AI score0.10687EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2020/02/25 12:0 a.m.48 views

Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2020-1182)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.4AI score0.10687EPSS
Exploits0References2
Mageia
Mageia
added 2020/01/28 7:52 a.m.64 views

Updated tomcat packages fix security vulnerabilities

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user...

7.5CVSS2.6AI score0.10687EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2020/01/28 12:0 a.m.51 views

Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4251-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4251-1 advisory. It was discovered that Tomcat incorrectly handled the RMI registry when configured with the JMX Remote Lifecycle Listener. A local attacker could possibl...

7.5CVSS7.1AI score0.10687EPSS
Exploits0References3
Debian
Debian
added 2020/01/27 11:13 p.m.82 views

[SECURITY] [DLA 2077-1] tomcat7 security update

Package : tomcat7 Version : 7.0.56-3+really7.0.99-1 CVE ID : CVE-2019-12418 CVE-2019-17563 Two security vulnerabilities have been fixed in the Tomcat servlet and JSP engine. CVE-2019-12418 When Apache Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to...

7.5CVSS8.3AI score0.10687EPSS
Exploits0
OSV
OSV
added 2020/01/27 3:5 p.m.2 views

USN-4251-1 tomcat8 vulnerabilities

It was discovered that Tomcat incorrectly handled the RMI registry when configured with the JMX Remote Lifecycle Listener. A local attacker could possibly use this issue to obtain credentials and gain complete control over the Tomcat instance. CVE-2019-12418 It was discovered that Tomcat...

7.5CVSS6.8AI score0.10687EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/01/17 12:0 a.m.71 views

Amazon Linux AMI : tomcat8 (ALAS-2020-1337)

The version of tomcat8 installed on the remote host is prior to 8.5.50-1.82. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1337 advisory. When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle...

7.5CVSS7AI score0.10687EPSS
Exploits0References5
Amazon
Amazon
added 2020/01/14 12:0 a.m.83 views

Medium: tomcat8

Issue Overview: When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack ...

7.5CVSS7.1AI score0.10687EPSS
Exploits0
OSV
OSV
added 2019/12/26 6:22 p.m.1 views

GHSA-9XCJ-C8CR-8C3C In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, th...

7.5CVSS6.6AI score0.10687EPSS
Exploits0References21
Github Security Blog
Github Security Blog
added 2019/12/26 6:22 p.m.260 views

In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, th...

7.5CVSS3.2AI score0.10687EPSS
Exploits0References21Affected Software1
Rows per page
Query Builder