CVE-2019-17563: In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack

CVSS Score (v3.1): 7.5

Basic Information

EPSS Score: 0.86597%
Published: 12/26/2019
Updated: 1/28/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name                               Ecosystem  Vulnerable Versions  First Patched Version
org.apache.tomcat.embed:tomcat-embed-core  maven      < 7.0.99             7.0.99
org.apache.tomcat.embed:tomcat-embed-core  maven      >= 8.0.0, < 8.5.50   8.5.50
org.apache.tomcat.embed:tomcat-embed-core  maven      >= 9.0.0, < 9.0.30   9.0.30

Vulnerability Intelligence

Miggo AI Root Cause Analysis: In progress

WAF Protection Rules

WAF Rule

When using FORM authentication with Apache Tomcat *.*.*.M* to *.*.**, *.*.* to *.*.** and *.*.* to *.*.** there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be p

Reasoning

No analysis available