Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Tomcat 输入验证错误漏洞
Vulnerability Description
Apache Tomcat是美国阿帕奇(Apache)软件基金会的一款轻量级Web应用服务器。该程序实现了对Servlet和JavaServer Page(JSP)的支持。 Apache Tomcat 6.0.33至6.0.37版本中的org/apache/catalina/connector/CoyoteAdapter.java文件存在输入验证漏洞,该漏洞源于当处理URL中的会话ID时,程序设置‘disableURLRewriting’值为‘true’。远程攻击者可借助特制的URL利用该漏洞实施会话固定
CVSS Information
N/A
Vulnerability Type
N/A