Description
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
Remediation
References
http://archives.neohapsis.com/archives/bugtraq/2013-05/0041.html
http://rhn.redhat.com/errata/RHSA-2013-0833.html
http://rhn.redhat.com/errata/RHSA-2013-0834.html
http://rhn.redhat.com/errata/RHSA-2013-0839.html
http://rhn.redhat.com/errata/RHSA-2013-0964.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1417891&r2=1417890&pathrev=1417891
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1408044&r2=1408043&pathrev=1408044
http://svn.apache.org/viewvc?view=revision&revision=1408044
http://svn.apache.org/viewvc?view=revision&revision=1417891
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.securityfocus.com/bid/59799
http://www.securityfocus.com/bid/64758
http://www.ubuntu.com/usn/USN-1841-1
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
Related Vulnerabilities
CVE-2023-40827 Vulnerability in maven package org.pf4j:pf4j
CVE-2020-11023 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery
CVE-2023-40037 Vulnerability in maven package org.apache.nifi:nifi-dbcp-base
CVE-2014-9634 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2021-23337 Vulnerability in maven package org.webjars.bower:lodash