
CVE-2013-2067

Published: 01/06/2013 Updated: 15/04/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 up to and including 6.0.36 and 7.x prior to 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote malicious users to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.

Affected Products

Vendor: Apache
Product: Tomcat
Versions: 6.0.21, 6.0.24, 6.0.26, 6.0.27, 6.0.28, 6.0.29, 6.0.30, 6.0.31, 6.0.32, 6.0.33, 6.0.35, 6.0.36, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.17, 7.0.18, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.25, 7.0.28, 7.0.30, 7.0.32

Vendor Advisories

Several security issues were fixed in Tomcat ...
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during com ...
Debian Bug report logs - #707704 tomcat7: CVE-2013-2071 Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutil.org> Date: Fri, 10 May 2013 13:27:01 UTC Seve ...
Multiple security issues were found in the Tomcat servlet and JSP engine: CVE-2013-2067 FORM authentication associates the most recent request requiring authentication with the current session. By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a req ...
Oracle Critical Patch Update Advisory - October 2016 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...

References

CWE-287
http://archives.neohapsis.com/archives/bugtraq/2013-05/0041.html
http://rhn.redhat.com/errata/RHSA-2013-0833.html
http://rhn.redhat.com/errata/RHSA-2013-0834.html
http://rhn.redhat.com/errata/RHSA-2013-0839.html
http://rhn.redhat.com/errata/RHSA-2013-0964.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1417891&r2=1417890&pathrev=1417891
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1408044&r2=1408043&pathrev=1408044
http://svn.apache.org/viewvc?view=revision&revision=1408044
http://svn.apache.org/viewvc?view=revision&revision=1417891
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.securityfocus.com/bid/59799
http://www.securityfocus.com/bid/64758
http://www.ubuntu.com/usn/USN-1841-1
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
http://tools.cisco.com/security/center/viewAlert.x?alertId=29281
https://nvd.nist.gov
https://usn.ubuntu.com/1841-1/
https://access.redhat.com/security/cve/cve-2013-2067