Description
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.
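A check for the two conditions named above (a Tomcat version inside the listed ranges, and an application configured for FORM authentication), as an added example that is not part of the original advisory or of the Tomcat project. The function names and the sample `web.xml` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges as stated in the description above (inclusive).
# 9.0.0.M1 is the first 9.0.x milestone, so every 9.0.0.Mn build is in range.
AFFECTED = [
    ((9, 0, 0), (9, 0, 29)),
    ((8, 5, 0), (8, 5, 49)),
    ((7, 0, 0), (7, 0, 98)),
]

# Constructed sample deployment descriptor (not taken from a real application).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>"""

def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Apache Tomcat/8.5.49' or '9.0.0.M1'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None

def version_affected(text):
    """True if the version string falls inside one of the listed ranges."""
    v = parse_version(text)
    return v is not None and any(lo <= v <= hi for lo, hi in AFFECTED)

def uses_form_auth(web_xml):
    """True if the descriptor declares <auth-method>FORM</auth-method>."""
    for el in ET.fromstring(web_xml).iter():
        # Compare the local tag name so namespaced descriptors also match.
        if el.tag.rsplit("}", 1)[-1] == "auth-method":
            if (el.text or "").strip() == "FORM":
                return True
    return False

def exposed(version_text, web_xml):
    """Both conditions from the description must hold."""
    return version_affected(version_text) and uses_form_auth(web_xml)

if __name__ == "__main__":
    for ver in ("Apache Tomcat/9.0.0.M1", "Apache Tomcat/8.5.49", "Apache Tomcat/10.0.0"):
        print(ver, "->", "exposed" if exposed(ver, SAMPLE_WEB_XML) else "not in scope")
```
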
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-5803 Vulnerability (CVE-2013-5803)
Serendipity Server-Side Request Forgery (SSRF) Vulnerability (CVE-2016-9752)
WordPress Plugin Sitewide Notice WP Cross-Site Scripting (2.2)
WordPress Plugin Tajer Arbitrary File Upload (1.0.5)
WordPress Plugin Startklar Elementor Addons Arbitrary File Deletion (1.7.13)