cve/CVE-2019-17563.md at 49bdc782b38d7d6d975377fc69b0c94bc5c39b3a

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.

POC

Reference

https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html

Github

https://github.com/Live-Hack-CVE/CVE-2019-17563
https://github.com/raner/projo
https://github.com/rootameen/vulpine
https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough

1.1 KiB Raw Blame History

CVE-2019-17563

Description

POC

Reference

Github

1.1 KiB

Raw Blame History