CVE-2019-17563
23.12.2019, 17:15
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.
Vendor | Product | Version |
---|---|---|
apache | tomcat | 7.0.0 ≤ 𝑥 ≤ 7.0.98 |
apache | tomcat | 8.5.0 ≤ 𝑥 ≤ 8.5.49 |
apache | tomcat | 9.0.0 ≤ 𝑥 ≤ 9.0.29 |
debian | debian_linux | 8.0 |
debian | debian_linux | 9.0 |
debian | debian_linux | 10.0 |
opensuse | leap | 15.1 |
canonical | ubuntu_linux | 16.04 |
oracle | agile_engineering_data_management | 6.2.1.0 |
oracle | hyperion_infrastructure_technology | 11.1.2.4 |
oracle | instantis_enterprisetrack | 17.1 ≤ 𝑥 ≤ 17.3 |
oracle | micros_relate_crm_software | 11.4 |
oracle | mysql_enterprise_monitor | 𝑥 ≤ 4.0.11.5331 |
oracle | mysql_enterprise_monitor | 8.0.0 ≤ 𝑥 ≤ 8.0.18.1217 |
oracle | retail_order_broker | 15.0 |
oracle | transportation_management | 6.3.7 |
𝑥 = Vulnerable software versions

Ubuntu Releases
Ubuntu Product |
---|
tomcat7 |
tomcat8 |
tomcat9 |