Endpoint Vulnerability

Apache Tomcat - Important: Session fixation CVE-2013-2067

Description

FORM authentication associates the most recent request requiring authentication with the current session. By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a request that would be executed using the victim's credentials.

Affected Products

Apache Tomcat

References

CVE-2013-2067