CVE-2013-2067
First published: Fri May 10 2013(Updated: )
A session fixation flaw was found in the way FormAuthenticator module of Apache Tomcat, an Apache Servlet/JSP Engine, performed authentication requests management in certain circumstances (the most recent authentication request was associated with current user's session). An attacker could use this flaw to inject (and possibly successfully to complete) an authentication request, that would be executed using the credentials of the victim. Relevant upstream patch: * for Apache Tomcat 6.x: <a href="http://svn.apache.org/viewvc?view=revision&revision=1417891">http://svn.apache.org/viewvc?view=revision&revision=1417891</a> * for Apache Tomcat 7.x: <a href="http://svn.apache.org/viewvc?view=rev&rev=1408044">http://svn.apache.org/viewvc?view=rev&rev=1408044</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/Apache Tomcat | <6.0.37 | 6.0.37 |
| redhat/Apache Tomcat | <7.0.33 | 7.0.33 |
| Tomcat | =6.0.21 | |
| Tomcat | =6.0.24 | |
| Tomcat | =6.0.26 | |
| Tomcat | =6.0.27 | |
| Tomcat | =6.0.28 | |
| Tomcat | =6.0.29 | |
| Tomcat | =6.0.30 | |
| Tomcat | =6.0.31 | |
| Tomcat | =6.0.32 | |
| Tomcat | =6.0.33 | |
| Tomcat | =6.0.35 | |
| Tomcat | =6.0.36 | |
| Tomcat | =7.0.0 | |
| Tomcat | =7.0.0-beta | |
| Tomcat | =7.0.1 | |
| Tomcat | =7.0.2 | |
| Tomcat | =7.0.2-beta | |
| Tomcat | =7.0.3 | |
| Tomcat | =7.0.4 | |
| Tomcat | =7.0.4-beta | |
| Tomcat | =7.0.5 | |
| Tomcat | =7.0.6 | |
| Tomcat | =7.0.7 | |
| Tomcat | =7.0.8 | |
| Tomcat | =7.0.9 | |
| Tomcat | =7.0.10 | |
| Tomcat | =7.0.11 | |
| Tomcat | =7.0.12 | |
| Tomcat | =7.0.13 | |
| Tomcat | =7.0.14 | |
| Tomcat | =7.0.15 | |
| Tomcat | =7.0.16 | |
| Tomcat | =7.0.17 | |
| Tomcat | =7.0.18 | |
| Tomcat | =7.0.19 | |
| Tomcat | =7.0.20 | |
| Tomcat | =7.0.21 | |
| Tomcat | =7.0.22 | |
| Tomcat | =7.0.23 | |
| Tomcat | =7.0.25 | |
| Tomcat | =7.0.28 | |
| Tomcat | =7.0.30 | |
| Tomcat | =7.0.32 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://svn.apache.org/viewvc?view=revision&revision=1417891
- http://svn.apache.org/viewvc?view=rev&rev=1408044
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=961807
- https://issues.apache.org/bugzilla/show_bug.cgi?id=45255
- https://rhn.redhat.com/errata/RHSA-2013-0833.html
- https://rhn.redhat.com/errata/RHSA-2013-0834.html
- https://rhn.redhat.com/errata/RHSA-2013-0839.html
- https://rhn.redhat.com/errata/RHSA-2013-0964.html
- https://rhn.redhat.com/errata/RHSA-2013-1012.html
- https://rhn.redhat.com/errata/RHSA-2013-1011.html
- https://rhn.redhat.com/errata/RHSA-2013-1013.html
- https://rhn.redhat.com/errata/RHSA-2013-1437.html
- https://bugzilla.redhat.com/show_bug.cgi?id=961779
- http://archives.neohapsis.com/archives/bugtraq/2013-05/0041.html
- http://rhn.redhat.com/errata/RHSA-2013-0833.html
- http://rhn.redhat.com/errata/RHSA-2013-0834.html
- http://rhn.redhat.com/errata/RHSA-2013-0839.html
- http://rhn.redhat.com/errata/RHSA-2013-0964.html
- http://rhn.redhat.com/errata/RHSA-2013-1437.html
- http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1417891&r2=1417890&pathrev=1417891
- http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1408044&r2=1408043&pathrev=1408044
- http://svn.apache.org/viewvc?view=revision&revision=1408044
- http://tomcat.apache.org/security-6.html
- http://tomcat.apache.org/security-7.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.securityfocus.com/bid/59799
- http://www.securityfocus.com/bid/64758
- http://www.ubuntu.com/usn/USN-1841-1
- https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
Frequently Asked Questions
What is the severity of CVE-2013-2067?
CVE-2013-2067 has a severity rating of medium, indicating a moderate risk to users.
How do I fix CVE-2013-2067?
To fix CVE-2013-2067, upgrade your Apache Tomcat to a version that is not affected, specifically versions above the vulnerable ones.
What versions of Apache Tomcat are affected by CVE-2013-2067?
CVE-2013-2067 affects Apache Tomcat versions 6.0.21 to 6.0.36 and 7.0.0 to 7.0.32.
What type of vulnerability is CVE-2013-2067?
CVE-2013-2067 is a session fixation vulnerability that can allow an attacker to hijack a session.
Can CVE-2013-2067 be exploited remotely?
Yes, CVE-2013-2067 can be exploited remotely under certain circumstances if the authentication request is manipulated.
- collector/redhat-bugzilla
- alias/CVE-2013-2067
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/apache
- canonical/tomcat
- version/tomcat/6.0.21
- version/tomcat/6.0.24
- version/tomcat/6.0.26
- version/tomcat/6.0.27
- version/tomcat/6.0.28
- version/tomcat/6.0.29
- version/tomcat/6.0.30
- version/tomcat/6.0.31
- version/tomcat/6.0.32
- version/tomcat/6.0.33
- version/tomcat/6.0.35
- version/tomcat/6.0.36
- version/tomcat/7.0.0
- version/tomcat/7.0.0-beta
- version/tomcat/7.0.1
- version/tomcat/7.0.2
- version/tomcat/7.0.2-beta
- version/tomcat/7.0.3
- version/tomcat/7.0.4
- version/tomcat/7.0.4-beta
- version/tomcat/7.0.5
- version/tomcat/7.0.6
- version/tomcat/7.0.7
- version/tomcat/7.0.8
- version/tomcat/7.0.9
- version/tomcat/7.0.10
- version/tomcat/7.0.11
- version/tomcat/7.0.12
- version/tomcat/7.0.13
- version/tomcat/7.0.14
- version/tomcat/7.0.15
- version/tomcat/7.0.16
- version/tomcat/7.0.17
- version/tomcat/7.0.18
- version/tomcat/7.0.19
- version/tomcat/7.0.20
- version/tomcat/7.0.21
- version/tomcat/7.0.22
- version/tomcat/7.0.23
- version/tomcat/7.0.25
- version/tomcat/7.0.28
- version/tomcat/7.0.30
- version/tomcat/7.0.32