Description
org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin Appointments Scheduler Cross-Site Scripting (1.5)
Magento CVE-2019-8229 Vulnerability (CVE-2019-8229)
WebLogic CVE-2023-21931 Vulnerability (CVE-2023-21931)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-5597)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2947)