CVE-2019-17563
EUVD-2019-078723.12.2019, 17:15
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apache | tomcat | 7.0.0 ≤ 𝑥 ≤ 7.0.98 |
| apache | tomcat | 8.5.0 ≤ 𝑥 ≤ 8.5.49 |
| apache | tomcat | 9.0.0 ≤ 𝑥 ≤ 9.0.29 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 16.04 |
| oracle | agile_engineering_data_management | 6.2.1.0 |
| oracle | hyperion_infrastructure_technology | 11.1.2.4 |
| oracle | instantis_enterprisetrack | 17.1 ≤ 𝑥 ≤ 17.3 |
| oracle | micros_relate_crm_software | 11.4 |
| oracle | mysql_enterprise_monitor | 𝑥 ≤ 4.0.11.5331 |
| oracle | mysql_enterprise_monitor | 8.0.0 ≤ 𝑥 ≤ 8.0.18.1217 |
| oracle | retail_order_broker | 15.0 |
| oracle | transportation_management | 6.3.7 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| tomcat7 |
| ||||||||||||||||||||||||||||
| tomcat8 |
| ||||||||||||||||||||||||||||
| tomcat9 |
|
Common Weakness Enumeration
References