CVE-2019-17563 - Session Fixation

Severity

7.5

When using FORM authentication there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.

Project

Apache Tomcat & Apache TomEE

Versions affected

Apache Tomcat

Tomcat 6.x

All

Tomcat 7.x

7.0.0 to 7.0.99

Get a Patch

Tomcat 8.0.x

All

Tomcat 8.5.x

8.5.0 to 8.5.50

Tomcat 9.x

9.0.0.M1 to 9.0.0.30

Apache TomEE

TomEE 1.7.x

All

TomEE 7.0.x

7.0.0-M1 to 7.0.7

TomEE 7.1.x

7.1.0 to 7.1.2

TomEE 8.0.x

8.0.0-M1 to 8.0.1

CVE-2019-17563 - Session Fixation

Severity

7.5

Project

Versions affected

Apache Tomcat

Apache TomEE

Feel Vulnerable?

Contact us so we can help you.

First name: ^*
Last name: ^*
Email: ^*
Specific CVE: ^*
Tell us more : ^*

Send me a confirmation email

^* These fields are required.

Tomitribe

Services

Open Source