mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
CVE-2019-17563
Description
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.
POC
Reference
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
Github
- https://github.com/Live-Hack-CVE/CVE-2019-17563
- https://github.com/PATEN-Tool/PATEN
- https://github.com/dusbot/cpe2cve
- https://github.com/m3n0sd0n4ld/uCVE
- https://github.com/raner/projo
- https://github.com/rootameen/vulpine
- https://github.com/versio-io/product-lifecycle-security-api
- https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough