CVE-2019-17563

high

Description

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html

https://lists.apache.org/thread.html/8b4c1db8300117b28a0f3f743c0b9e3f964687a690cdf9662a884bbd%40%3Cannounce.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.cxf.apache.org%3E

https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html

https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html

https://seclists.org/bugtraq/2019/Dec/43

https://security.gentoo.org/glsa/202003-43

https://security.netapp.com/advisory/ntap-20200107-0001/

https://usn.ubuntu.com/4251-1/

https://www.debian.org/security/2019/dsa-4596

https://www.debian.org/security/2020/dsa-4680

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpujan2021.html

https://www.oracle.com/security-alerts/cpujul2020.html

Details

Source: MITRE

Published: 2019-12-23

Updated: 2021-01-20

Type: CWE-384

Risk Information

CVSS v2

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.6

Severity: HIGH

Tenable Plugins

30 plugins total

ID | Name | Product | Family | Severity
148890 | RHEL 7 : tomcat (RHSA-2021:1030) | Nessus | Red Hat Local Security Checks | medium
147834 | RHEL 7 : tomcat (RHSA-2021:0882) | Nessus | Red Hat Local Security Checks | medium
147349 | NewStart CGSL CORE 5.04 / MAIN 5.04 : tomcat Multiple Vulnerabilities (NS-SA-2021-0028) | Nessus | NewStart CGSL Local Security Checks | medium
141699 | Scientific Linux Security Update : tomcat on SL7.x x86_64 (20201001) | Nessus | Scientific Linux Local Security Checks | high
141616 | CentOS 7 : tomcat (CESA-2020:4004) | Nessus | CentOS Local Security Checks | high
141038 | RHEL 7 : tomcat (RHSA-2020:4004) | Nessus | Red Hat Local Security Checks | high
138039 | MySQL Enterprise Monitor 4.0.11.x < 4.0.12.5341 / 8.0.18.x < 8.0.20.1227 (Apr 2020 CPU) | Nessus | CGI abuses | high
137487 | EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2020-1645) | Nessus | Huawei Local Security Checks | critical
136951 | Debian DLA-2209-1 : tomcat8 security update | Nessus | Debian Local Security Checks | critical
136376 | Debian DSA-4680-1 : tomcat9 - security update | Nessus | Debian Local Security Checks | critical
135773 | RHEL 6 / 7 / 8 : Red Hat JBoss Web Server 5.3 release (Important) (RHSA-2020:1520) | Nessus | Red Hat Local Security Checks | critical
135585 | Oracle Database Server Multiple Vulnerabilities (Apr 2020 CPU) | Nessus | Databases | high
135567 | EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2020-1438) | Nessus | Huawei Local Security Checks | critical
134729 | GLSA-202003-43 : Apache Tomcat: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
134668 | RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 8 (RHSA-2020:0861) | Nessus | Red Hat Local Security Checks | critical
98969 | Apache Tomcat 7.0.x < 7.0.99 Session Fixation | Web Application Scanning | Component Vulnerability | high
98968 | Apache Tomcat 8.5.x < 8.5.50 Session Fixation | Web Application Scanning | Component Vulnerability | high
98949 | Apache Tomcat 9.0.0.M1 < 9.0.30 Session Fixation | Web Application Scanning | Component Vulnerability | high
134016 | EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2020-1182) | Nessus | Huawei Local Security Checks | high
133937 | EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2020-1136) | Nessus | Huawei Local Security Checks | high
133290 | Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4251-1) | Nessus | Ubuntu Local Security Checks | high
133276 | Debian DLA-2077-1 : tomcat7 security update | Nessus | Debian Local Security Checks | critical
133209 | Photon OS 3.0: Apache PHSA-2020-3.0-0051 | Nessus | PhotonOS Local Security Checks | high
133007 | Amazon Linux AMI : tomcat8 (ALAS-2020-1337) | Nessus | Amazon Linux Local Security Checks | critical
132988 | Photon OS 2.0: Apache PHSA-2020-2.0-0200 | Nessus | PhotonOS Local Security Checks | high
132979 | Photon OS 1.0: Apache PHSA-2020-1.0-0264 | Nessus | PhotonOS Local Security Checks | high
132913 | openSUSE Security Update : tomcat (openSUSE-2020-38) | Nessus | SuSE Local Security Checks | high
132427 | Debian DSA-4596-1 : tomcat8 - security update | Nessus | Debian Local Security Checks | critical
132419 | Apache Tomcat 9.0.0.M1 < 9.0.30 Privilege Escalation Vulnerability | Nessus | Web Servers | high
132418 | Apache Tomcat 8.5.0 < 8.5.50 Privilege Escalation Vulnerability | Nessus | Web Servers | high