QwikSec

Security Database

CVE

CWE

Training

CVE-2019-17563

Published: Dec 23, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.

Vendor	Product	Versions
Apache Software Foundation	Apache Tomcat	affected `9.0.0.M1 to 9.0.29` affected `8.5.0 to 8.5.49` affected `7.0.0 to 7.0.98`

References

vendor-advisory

x_refsource_DEBIAN

20191229 [SECURITY] [DSA 4596-1] tomcat8 security update

mailing-list

x_refsource_BUGTRAQ

openSUSE-SU-2020:0038

vendor-advisory

x_refsource_SUSE

[debian-lts-announce] 20200127 [SECURITY] [DLA 2077-1] tomcat7 security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update

mailing-list

x_refsource_MLIST

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

[cxf-issues] 20200618 [jira] [Created] (FEDIZ-249) Relying party rejects a valid security token and redirects back to ADFS when using Fediz 1.4.6 with Tomcat 8.5.56

mailing-list

x_refsource_MLIST

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

https://lists.apache.org/thread.html/8b4c1db8300117b28a0f3f743c0b9e3f964687a690cdf9662a884bbd%40%3Cannounce.tomcat.apache.org%3E

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20200107-0001/

x_refsource_CONFIRM

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.