The host is running Apache Tomcat Server and is prone to a session fixation vulnerability.
Successful exploitation will allow attackers to conduct session fixation attacks to hijack the target user's session. Impact Level: Application
Apply the patch or upgrade Apache Tomcat to 7.0.33 or 6.0.37 or later. For updates, refer to http://tomcat.apache.org ***** NOTE: Ignore this warning if the above-mentioned patch has been applied manually. *****
The flaw is due to improper validation of session cookies in the FormAuthenticator module in 'java/org/apache/catalina/authenticator/FormAuthenticator.java'.
Apache Tomcat versions 6.0.21 before 6.0.37 and 7.x before 7.0.33
- AOLServer Terminal Escape Sequence in Logs Command Injection Vulnerability
- Lighttpd Trailing Slash Information Disclosure Vulnerability
- Jetty Cross Site Scripting and Information Disclosure Vulnerabilities
- IBM WebSphere Application Server 'plugin-key.kdb' Information Disclosure Vulnerability
- Cross-Site Scripting in Cherokee Error Pages