Metric | Value |
---|---|
CVSS2 score | 4.3 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
CVSS2 vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
EPSS | 0.004 Low |
EPSS Percentile | 72.7% |

org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33
through 6.0.37 does not consider the disableURLRewriting setting when
handling a session ID in a URL, which allows remote attackers to conduct
session fixation attacks via a crafted URL.
Author | Note |
---|---|
mdeslaur | introduced by http://svn.apache.org/viewvc?view=rev&rev=1149220 in 6.0.33 |