Severity: MEDIUM 6.5

GHSA-23hv-mwm6-g8jf

Apache Tomcat Session Fixation vulnerability

Details

Session fixation vulnerability in Apache Tomcat via the Rewrite Valve.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected.

Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.


Affected packages

Maven / org.apache.tomcat:tomcat-catalina
  Introduced in: 11.0.0-M1   Fixed in: 11.0.8    Fix: pom.xml, bump <version>11.0.8</version>
  Introduced in: 10.1.0-M1   Fixed in: 10.1.42   Fix: pom.xml, bump <version>10.1.42</version>
  Introduced in: 9.0.0.M1    Fixed in: 9.0.106   Fix: pom.xml, bump <version>9.0.106</version>

Maven / org.apache.tomcat.embed:tomcat-embed-core
  Introduced in: 11.0.0-M1   Fixed in: 11.0.8    Fix: pom.xml, bump <version>11.0.8</version>
  Introduced in: 10.1.0-M1   Fixed in: 10.1.42   Fix: pom.xml, bump <version>10.1.42</version>
  Introduced in: 9.0.0.M1    Fixed in: 9.0.106   Fix: pom.xml, bump <version>9.0.106</version>
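The version ranges above are awkward to compare by eye because Tomcat spells milestones two ways ("11.0.0-M1" on current lines, "9.0.0.M1" on the 9.0 line) and a milestone sorts before the GA release of the same number. The following checker is an added example written for this page, not code from the advisory or from the Apache Tomcat project: it parses both milestone spellings, encodes the three affected ranges stated above, and classifies a version as affected, fixed, an older EOL line the advisory says "may also be affected", or newer than anything listed. The status strings and the `parse_version`/`check_version` names are this example's own choices.

```python
import re
from typing import Optional, Tuple

# Affected ranges exactly as stated in the advisory: (introduced, last affected, fixed).
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.7", "11.0.8"),
    ("10.1.0-M1", "10.1.41", "10.1.42"),
    ("9.0.0.M1", "9.0.105", "9.0.106"),
]

# Accepts "x.y.z", "x.y.z-Mn" (10.1/11.0 lines) and "x.y.z.Mn" (9.0 line).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.]M(\d+))?$")

VersionKey = Tuple[int, int, int, int, int]


def parse_version(text: str) -> VersionKey:
    """Turn a Tomcat version string into a sortable key.

    Key layout: (major, minor, patch, is_ga, milestone). A GA release gets
    is_ga=1 so that it sorts after every milestone of the same x.y.z.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def check_version(text: str) -> Tuple[str, Optional[str]]:
    """Classify a Tomcat (or tomcat-catalina / tomcat-embed-core) version
    against GHSA-23hv-mwm6-g8jf.

    Returns (status, fixed_version); status is one of "affected", "fixed",
    "eol-may-be-affected" or "unlisted" (names chosen for this example).
    """
    key = parse_version(text)
    for introduced, last_affected, fixed in AFFECTED_RANGES:
        lo, hi = parse_version(introduced), parse_version(last_affected)
        if key[:2] != lo[:2]:  # not this major.minor branch
            continue
        if key > hi:
            return ("fixed", fixed)
        return ("affected", fixed)

    # No listed branch matched. Lines older than the newest listed branch
    # (for example 10.0.x or 8.5.x) are EOL and, per the advisory, may also
    # be affected; anything newer than the listed branches is simply unlisted.
    newest = max(parse_version(r[0]) for r in AFFECTED_RANGES)
    if key[:2] < newest[:2]:
        return ("eol-may-be-affected", None)
    return ("unlisted", None)


if __name__ == "__main__":
    import sys

    # Sample inputs constructed for this example when none are given on the command line.
    for version in sys.argv[1:] or ["9.0.105", "9.0.106", "11.0.0-M1", "10.0.27", "12.0.0-M1"]:
        status, fixed = check_version(version)
        print(f"{version:12} {status}" + (f" (upgrade to {fixed})" if status == "affected" else ""))
```

Run it against the version that actually resolves in your build rather than the one written in the nearest pom.xml: for Maven, `mvn dependency:tree -Dincludes=org.apache.tomcat,org.apache.tomcat.embed` shows the effective tomcat-catalina / tomcat-embed-core version after dependency management and transitive overrides are applied.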
