Description
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49, and 7.0.0 to 7.0.98, there was a narrow window in which an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.
Remediation
References