CVE-2013-2067
tomcat: Session fixation in form authenticator
Severity Score
6.3
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
v6.0.21 hasta v6.0.36 y v7.x anteriores a v7.0.33 no maneja de forma adecuada las relaciones entre requisitos de autenticación y las sesiones, lo que permite a atacantes remotos a inyctar una petición en una sesión enviando esta petición durante el proceso de completado del formulario de login, es una variante del ataque de fijado de sesión.
It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. A frame injection in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. It was discovered that Tomcat incorrectly handled certain authentication requests. A remote attacker could possibly use this flaw to inject a request that would get executed with a victim's credentials. Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-02-19 CVE Reserved
- 2013-05-28 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
- CWE-384: Session Fixation
CAPEC
References (25)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0833.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2013-0834.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2013-0839.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2013-0964.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2013-1437.html | 2023-11-07 | |
| http://tomcat.apache.org/security-6.html | 2023-11-07 | |
| http://tomcat.apache.org/security-7.html | 2023-11-07 | |
| http://www.ubuntu.com/usn/USN-1841-1 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2013-2067 | 2013-10-16 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=961779 | 2013-10-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 6.0.21 Search vendor "Apache" for product "Tomcat" and version "6.0.21" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 6.0.24 Search vendor "Apache" for product "Tomcat" and version "6.0.24" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 6.0.26 Search vendor "Apache" for product "Tomcat" and version "6.0.26" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 6.0.27 Search vendor "Apache" for product "Tomcat" and version "6.0.27" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 6.0.28 Search vendor "Apache" for product "Tomcat" and version "6.0.28" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 6.0.29 Search vendor "Apache" for product "Tomcat" and version "6.0.29" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 6.0.30 Search vendor "Apache" for product "Tomcat" and version "6.0.30" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 6.0.31 Search vendor "Apache" for product "Tomcat" and version "6.0.31" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 6.0.32 Search vendor "Apache" for product "Tomcat" and version "6.0.32" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 6.0.33 Search vendor "Apache" for product "Tomcat" and version "6.0.33" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 6.0.35 Search vendor "Apache" for product "Tomcat" and version "6.0.35" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 6.0.36 Search vendor "Apache" for product "Tomcat" and version "6.0.36" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.0 Search vendor "Apache" for product "Tomcat" and version "7.0.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.0 Search vendor "Apache" for product "Tomcat" and version "7.0.0" | beta |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.1 Search vendor "Apache" for product "Tomcat" and version "7.0.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.2 Search vendor "Apache" for product "Tomcat" and version "7.0.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.2 Search vendor "Apache" for product "Tomcat" and version "7.0.2" | beta |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.3 Search vendor "Apache" for product "Tomcat" and version "7.0.3" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.4 Search vendor "Apache" for product "Tomcat" and version "7.0.4" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.4 Search vendor "Apache" for product "Tomcat" and version "7.0.4" | beta |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.5 Search vendor "Apache" for product "Tomcat" and version "7.0.5" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.6 Search vendor "Apache" for product "Tomcat" and version "7.0.6" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.7 Search vendor "Apache" for product "Tomcat" and version "7.0.7" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.8 Search vendor "Apache" for product "Tomcat" and version "7.0.8" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.9 Search vendor "Apache" for product "Tomcat" and version "7.0.9" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.10 Search vendor "Apache" for product "Tomcat" and version "7.0.10" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.11 Search vendor "Apache" for product "Tomcat" and version "7.0.11" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.12 Search vendor "Apache" for product "Tomcat" and version "7.0.12" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.13 Search vendor "Apache" for product "Tomcat" and version "7.0.13" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.14 Search vendor "Apache" for product "Tomcat" and version "7.0.14" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.15 Search vendor "Apache" for product "Tomcat" and version "7.0.15" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.16 Search vendor "Apache" for product "Tomcat" and version "7.0.16" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.17 Search vendor "Apache" for product "Tomcat" and version "7.0.17" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.18 Search vendor "Apache" for product "Tomcat" and version "7.0.18" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.19 Search vendor "Apache" for product "Tomcat" and version "7.0.19" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.20 Search vendor "Apache" for product "Tomcat" and version "7.0.20" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.21 Search vendor "Apache" for product "Tomcat" and version "7.0.21" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.22 Search vendor "Apache" for product "Tomcat" and version "7.0.22" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.23 Search vendor "Apache" for product "Tomcat" and version "7.0.23" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.25 Search vendor "Apache" for product "Tomcat" and version "7.0.25" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.28 Search vendor "Apache" for product "Tomcat" and version "7.0.28" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.30 Search vendor "Apache" for product "Tomcat" and version "7.0.30" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.32 Search vendor "Apache" for product "Tomcat" and version "7.0.32" | - |
Affected
| ||||||