CVE-2013-2067 in Oracle Communications Policy Managementinfo

Summary

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.

Reservation

02/19/2013

Disclosure

06/01/2013

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
92886	Oracle Communications Policy Management Tomcat improper authentication	287	Not defined	Official fix	CVE-2013-2067
92870	Oracle Communications Policy Management Tomcat improper authentication	287	Not defined	Official fix	CVE-2013-2067
11922	Oracle Secure Global Desktop Apache Tomcat improper authentication	287	Not defined	Official fix	CVE-2013-2067
11846	Oracle Transportation Management Application Server improper authentication	287	Not defined	Official fix	CVE-2013-2067
8664	Apache Tomcat FORM Authentication improper authentication	287	Not defined	Official fix	CVE-2013-2067

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!