Launchpad CVE tracker

CVE 2013-2067

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.

Related bugs and status

CVE-2013-2067 (Candidate) is related to these bugs:

Bug #1073159: Please backport tomcat7 7.0.42 (main) from saucy/debian to precise [and tomcat-native] to fix serious CVE reports

Summary				In	Importance	Status
	1073159	Please backport tomcat7 7.0.42 (main) from saucy/debian to precise [and tomcat-native] to fix serious CVE reports		Precise Backports	Undecided	Won't Fix
	1073159	Please backport tomcat7 7.0.42 (main) from saucy/debian to precise [and tomcat-native] to fix serious CVE reports		tomcat7 (Ubuntu)	High	Won't Fix

Bug #1166649: Multiple open vulnerabilities in tomcat6 in quantal

		In	Importance	Status
1166649	Multiple open vulnerabilities in tomcat6 in quantal	tomcat6 (Ubuntu)	Undecided	Fix Released
1166649	Multiple open vulnerabilities in tomcat6 in quantal	tomcat6 (Ubuntu Quantal)	Undecided	Fix Released
1166649	Multiple open vulnerabilities in tomcat6 in quantal	tomcat6 (Ubuntu Saucy)	Undecided	Fix Released

Bug #1178645: tomcat7 needs update to 7.0.40

		In	Importance	Status
1178645	tomcat7 needs update to 7.0.40	tomcat7 (Ubuntu)	Undecided	Fix Released
1178645	tomcat7 needs update to 7.0.40	tomcat7 (Ubuntu Precise)	Undecided	Won't Fix
1178645	tomcat7 needs update to 7.0.40	tomcat7 (Ubuntu Quantal)	Undecided	Fix Released
1178645	tomcat7 needs update to 7.0.40	tomcat7 (Ubuntu Raring)	Undecided	Fix Released
1178645	tomcat7 needs update to 7.0.40	tomcat7 (Ubuntu Saucy)	Undecided	Fix Released

Bug #1197151: Please sync package tomcat7 (7.0.35-1~exp2ubuntu1) from Raring Dist to Precise Dist

Summary				In	Importance	Status
	1197151	Please sync package tomcat7 (7.0.35-1~exp2ubuntu1) from Raring Dist to Precise Dist		Ubuntu	Undecided	Invalid

Bug #1290819: Update the 7.x trunk for 12.04LTS

Summary				In	Importance	Status
	1290819	Update the 7.x trunk for 12.04LTS		tomcat7 (Ubuntu)	High	Confirmed

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-2067

References