Description
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.
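To check a deployment inventory against the version ranges stated above, the following is an added example, not part of the original advisory. The function names, host names and banner strings are hypothetical and constructed for illustration; only the three ranges come from the description.

```python
import re

# Affected ranges exactly as stated in the description above (inclusive).
AFFECTED_RANGES = [
    ("9.0.0.M1", "9.0.29"),
    ("8.5.0", "8.5.49"),
    ("7.0.0", "7.0.98"),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?")
_FINAL = 10**6  # ranks a final release above any milestone of the same x.y.z


def parse_version(text):
    """Sortable key from '9.0.0.M1' or a banner such as 'Apache Tomcat/9.0.29'."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Tomcat version in {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    milestone = int(m.group(4)) if m.group(4) else _FINAL
    return (major, minor, patch, milestone)


def is_affected(version_text):
    """True if the version falls inside one of the stated ranges."""
    key = parse_version(version_text)
    return any(parse_version(lo) <= key <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """Map each host to 'affected', 'not in range' or 'unparsed'."""
    result = {}
    for host, banner in inventory.items():
        try:
            result[host] = "affected" if is_affected(banner) else "not in range"
        except ValueError:
            result[host] = "unparsed"  # banner hidden or customised: check by hand
    return result


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = {
    "app01": "Apache Tomcat/9.0.0.M1",
    "app02": "Apache Tomcat/9.0.29",
    "app03": "Apache Tomcat/9.0.30",
    "app04": "Apache Tomcat/7.0.98",
    "app05": "Apache Tomcat",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(host, status)
```

A "not in range" result only means the version lies outside the ranges listed in the description. Per the description, the issue applies only where FORM authentication is in use, so a host flagged "affected" still needs its authentication configuration confirmed.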
Remediation
References