2017-10-16 12:31:07 -04:00
{
2019-03-18 00:45:32 +00:00
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com" ,
"ID" : "CVE-2013-2067" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a" ,
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
} ,
"vendor_name" : "n/a"
}
2017-10-16 12:31:07 -04:00
]
2019-03-18 00:45:32 +00:00
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "n/a"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"name" : "RHSA-2013:0839" ,
"refsource" : "REDHAT" ,
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0839.html"
} ,
{
"name" : "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1417891&r2=1417890&pathrev=1417891" ,
"refsource" : "CONFIRM" ,
"url" : "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1417891&r2=1417890&pathrev=1417891"
} ,
{
"name" : "RHSA-2013:0964" ,
"refsource" : "REDHAT" ,
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0964.html"
} ,
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1417891" ,
"refsource" : "CONFIRM" ,
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1417891"
} ,
{
"name" : "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1408044&r2=1408043&pathrev=1408044" ,
"refsource" : "CONFIRM" ,
"url" : "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1408044&r2=1408043&pathrev=1408044"
} ,
{
"name" : "http://tomcat.apache.org/security-7.html" ,
"refsource" : "CONFIRM" ,
"url" : "http://tomcat.apache.org/security-7.html"
} ,
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" ,
"refsource" : "CONFIRM" ,
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
} ,
{
"name" : "RHSA-2013:0833" ,
"refsource" : "REDHAT" ,
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
} ,
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1408044" ,
"refsource" : "CONFIRM" ,
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1408044"
} ,
{
"name" : "RHSA-2013:1437" ,
"refsource" : "REDHAT" ,
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1437.html"
} ,
{
"name" : "http://tomcat.apache.org/security-6.html" ,
"refsource" : "CONFIRM" ,
"url" : "http://tomcat.apache.org/security-6.html"
} ,
{
"name" : "59799" ,
"refsource" : "BID" ,
"url" : "http://www.securityfocus.com/bid/59799"
} ,
{
"name" : "USN-1841-1" ,
"refsource" : "UBUNTU" ,
"url" : "http://www.ubuntu.com/usn/USN-1841-1"
} ,
{
"name" : "RHSA-2013:0834" ,
"refsource" : "REDHAT" ,
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0834.html"
} ,
{
"name" : "64758" ,
"refsource" : "BID" ,
"url" : "http://www.securityfocus.com/bid/64758"
} ,
{
"name" : "20130510 [SECURITY] CVE-2013-2067 Session fixation with FORM authenticator" ,
"refsource" : "BUGTRAQ" ,
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-05/0041.html"
} ,
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" ,
"refsource" : "CONFIRM" ,
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
}
]
}
}
