Information Disclosure

Tomcat is vulnerable to information disclosure. It is possible because it does not prevent the leveraging use of requestedSessionSSL field, allowing the reuse of the same session ID for the next request using that Request object. The vulnerability is not easy to set up as the client because it...

Apache Tomcat Session Fixation Vulnerability (Feb 2016) - Windows

Apache Tomcat is prone to a session fixation vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...

Apache Tomcat Session Fixation Vulnerability (Feb 2016) - Linux

Apache Tomcat is prone to a session fixation vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...

CVE-2015-5346

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a...