Session fixation vulnerability in Apache Tomcat 7.x prior to 7.0.66, 8.x prior to 8.0.30, and 9.x prior to 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote malicious users to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.
Vulnerable Product |
---|
apache tomcat 7.0.2 |
apache tomcat 7.0.12 |
apache tomcat 7.0.62 |
apache tomcat 8.0.17 |
apache tomcat 7.0.53 |
apache tomcat 7.0.20 |
apache tomcat 7.0.34 |
apache tomcat 8.0.26 |
apache tomcat 7.0.55 |
apache tomcat 7.0.4 |
apache tomcat 7.0.63 |
apache tomcat 8.0.20 |
apache tomcat 7.0.22 |
apache tomcat 7.0.39 |
apache tomcat 7.0.26 |
apache tomcat 7.0.28 |
apache tomcat 8.0.1 |
apache tomcat 8.0.0 |
apache tomcat 7.0.59 |
apache tomcat 7.0.65 |
apache tomcat 7.0.50 |
apache tomcat 7.0.6 |
apache tomcat 8.0.12 |
apache tomcat 7.0.14 |
apache tomcat 8.0.27 |
apache tomcat 8.0.15 |
apache tomcat 7.0.11 |
apache tomcat 7.0.23 |
apache tomcat 7.0.0 |
apache tomcat 8.0.22 |
apache tomcat 8.0.29 |
apache tomcat 7.0.52 |
apache tomcat 7.0.42 |
apache tomcat 7.0.37 |
apache tomcat 7.0.29 |
apache tomcat 8.0.11 |
apache tomcat 8.0.24 |
apache tomcat 8.0.23 |
apache tomcat 7.0.47 |
apache tomcat 7.0.5 |
apache tomcat 8.0.21 |
apache tomcat 7.0.41 |
apache tomcat 7.0.30 |
apache tomcat 7.0.19 |
apache tomcat 7.0.16 |
apache tomcat 7.0.10 |
apache tomcat 8.0.18 |
apache tomcat 7.0.25 |
apache tomcat 7.0.54 |
apache tomcat 7.0.35 |
apache tomcat 7.0.61 |
apache tomcat 8.0.3 |
apache tomcat 7.0.57 |
apache tomcat 8.0.14 |
apache tomcat 7.0.32 |
apache tomcat 7.0.21 |
apache tomcat 7.0.27 |
apache tomcat 7.0.40 |
apache tomcat 7.0.56 |
apache tomcat 8.0.28 |
apache tomcat 7.0.64 |
apache tomcat 7.0.33 |
apache tomcat 9.0.0 |
canonical ubuntu linux 12.04 |
canonical ubuntu linux 16.04 |
canonical ubuntu linux 15.10 |
canonical ubuntu linux 14.04 |
debian debian linux 8.0 |
debian debian linux 7.0 |