CVE-2015-5346
Description
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.
Risk Information
Base Score
8.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
38.131
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update Tomcat to 9.5.14 | Windows |
| Update Tomcat to 9.5.5 | Windows |
| Update Tomcat to 9.5.7 | Windows |
| Update Tomcat to 9.5.8 | Windows |
| Update Tomcat to 9.6.10 | Windows |
| Update Tomcat to 9.6.3 | Windows |
| Update Tomcat to 9.6.4 | Windows |
| Update Tomcat to 9.6.7 | Windows |
| Update Tomcat to 9.6.8 | Windows |
| Update Tomcat to 2.4.5 | Windows |
| Update Tomcat to 3.0.14 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.0 | Windows |
| Vulnerabilities CVE-2015-5346,CVE-2015-5351,CVE-2016-0714,CVE-2016-0706,CVE-2015-5345 are fixed in Apache - tomcat 9.0.0 | Windows |
| Vulnerabilities CVE-2015-5346,CVE-2015-5351,CVE-2016-0706 are fixed in Apache - tomcat 8.0.31 | Windows |
| Vulnerabilities CVE-2015-5346 are fixed in Apache - tomcat 7.0.66 | Windows |
| SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-7.0.68-7.6.1.noarch.rpm | Linux |
| SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-admin-webapps-7.0.68-7.6.1.noarch.rpm | Linux |
| SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-docs-webapp-7.0.68-7.6.1.noarch.rpm | Linux |
| SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-el-2_2-api-7.0.68-7.6.1.noarch.rpm | Linux |
| SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-javadoc-7.0.68-7.6.1.noarch.rpm | Linux |
| SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-jsp-2_2-api-7.0.68-7.6.1.noarch.rpm | Linux |
| SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-lib-7.0.68-7.6.1.noarch.rpm | Linux |
| SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-servlet-3_0-api-7.0.68-7.6.1.noarch.rpm | Linux |
| SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-webapps-7.0.68-7.6.1.noarch.rpm | Linux |
| Update Tomcat to 9.5.14 (For Linux) | Linux |
| Update Tomcat to 9.5.5 (For Linux) | Linux |
| Update Tomcat to 9.5.7 (For Linux) | Linux |
| Update Tomcat to 9.5.8 (For Linux) | Linux |
| Update Tomcat to 9.6.10 (For Linux) | Linux |
| Update Tomcat to 9.6.3 (For Linux) | Linux |
| Update Tomcat to 9.6.4 (For Linux) | Linux |
| Update Tomcat to 9.6.7 (For Linux) | Linux |
| Update Tomcat to 9.6.8 (For Linux) | Linux |
| Update Tomcat to 2.4.5 (For Linux) | Linux |
| Update Tomcat to 3.0.14 (For Linux) | Linux |
| Vulnerabilities CVE-2015-5346,CVE-2015-5351,CVE-2016-0714,CVE-2016-0706,CVE-2015-5345 are fixed in Apache - tomcat for Linux 9.0.0 | Linux |
| Vulnerabilities CVE-2015-5346,CVE-2015-5351,CVE-2016-0706 are fixed in Apache - tomcat for Linux 8.0.31 | Linux |
| Vulnerabilities CVE-2015-5346 are fixed in Apache - tomcat for Linux 7.0.66 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234