Apache Tomcat Session Fixation Vulnerability (Windows)

Summary
The host is running Apache Tomcat Server and is prone to a session fixation vulnerability.
Impact
Successful exploitation will allow attackers to conduct session fixation attacks to hijack the target user's session.
Impact Level: Application
Solution
Apply the patch or upgrade Apache Tomcat to 7.0.33 or 6.0.37 or later. For updates, refer to http://tomcat.apache.org
NOTE: Ignore this warning if the above-mentioned patch has been applied manually.
Insight
The flaw is due to improper validation of session cookies in the FormAuthenticator module, in 'java/org/apache/catalina/authenticator/FormAuthenticator.java'.
Affected
Apache Tomcat versions 6.0.21 before 6.0.37, and 7.x before 7.0.33