Solution
Please install the updated packages.
Insight
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
A session fixation flaw was found in the Tomcat FormAuthenticator module.
During a narrow window of time, if a remote attacker sent requests while a user was logging in, it could possibly result in the attacker's requests being processed as if they were sent by the user. (CVE-2013-2067)
Users of Tomcat are advised to upgrade to these updated packages, which correct this issue. Tomcat must be restarted for this update to take effect.
Affected
tomcat6 on CentOS 6
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2013-2067
CVSS Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P