Vulnerability Name:

CVE-2013-2067 (CCN-84154)

Assigned:2013-05-10
Published:2013-05-10
Updated:2019-04-15
Summary:java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
1.9 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-287
CWE-384
Vulnerability Consequences:Gain Access
References:Source: BUGTRAQ
Type: UNKNOWN
20130510 [SECURITY] CVE-2013-2067 Session fixation with FORM authenticator

Source: MITRE
Type: CNA
CVE-2013-2067

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0833

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0834

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0839

Source: CCN
Type: RHSA-2013-0964
Moderate: tomcat6 security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0964

Source: CCN
Type: RHSA-2013-1011
Moderate: Red Hat JBoss Web Server 2.0.1 update

Source: CCN
Type: RHSA-2013-1012
Moderate: Red Hat JBoss Web Server 2.0.1 update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:1437

Source: CCN
Type: SA53348
Apache Tomcat FormAuthenticator Session Hijacking Weakness

Source: CCN
Type: SA57065
HP Service Manager Multiple Vulnerabilities

Source: CONFIRM
Type: Patch
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1417891&r2=1417890&pathrev=1417891

Source: CONFIRM
Type: Patch
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1408044&r2=1408043&pathrev=1408044

Source: CONFIRM
Type: Patch
http://svn.apache.org/viewvc?view=revision&revision=1408044

Source: CONFIRM
Type: Patch
http://svn.apache.org/viewvc?view=revision&revision=1417891

Source: CCN
Type: Apache SVN Repository
Revision 1378702

Source: CONFIRM
Type: Vendor Advisory
http://tomcat.apache.org/security-6.html

Source: CONFIRM
Type: Vendor Advisory
http://tomcat.apache.org/security-7.html

Source: CCN
Type: IBM Security Bulletin 1649801
IBM Tivoli Composite Application Manager for Transactions affected by vulnerabilities in IBM JRE (Multiple CVEs)

Source: DEBIAN
Type: DSA-2725
tomcat6 -- several vulnerabilities

Source: CCN
Type: Oracle CPUOct2016
Oracle Critical Patch Update Advisory - October 2016

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Source: CCN
Type: Oracle Web site
Oracle Critical Patch Update Advisory - January 2014

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Source: BID
Type: UNKNOWN
59799

Source: CCN
Type: BID-59799
Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability

Source: BID
Type: UNKNOWN
64758

Source: CCN
Type: BID-64758
RETIRED: Oracle January 2014 Critical Patch Update Multiple Vulnerabilities

Source: CCN
Type: BID-65736
HP Service Manager CVE-2013-6202 Multiple Security Vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-1841-1

Source: CCN
Type: Red Hat Bugzilla Bug 961779
CVE-2013-2067 tomcat: Session fixation in form authenticator

Source: XF
Type: UNKNOWN
tomcat-cve20132067-session-hijacking(84154)

Source: CCN
Type: HP Security Bulletin HPSBMU02964
HP Service Manager, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issues

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/

Source: CCN
Type: IBM Security Bulletin 6496741 (Sterling B2B Integrator)
Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator

Source: CCN
Type: IBM Security Bulletin 6595755 (Disconnected Log Collector)
IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-2067

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:tomcat:6.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.35:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.36:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.30:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.32:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:apache:tomcat:6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.28:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_composite_application_manager:7.3:*:*:*:transactions:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.2.0.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20132067
    V
    		CVE-2013-2067
    2022-09-02
    oval:org.mitre.oval:def:26473
    V
    		Allows remote attackers to inject a request into a session by sending this request during completion of the login form
    2014-10-20
    oval:org.mitre.oval:def:18192
    P
    		USN-1841-1 -- tomcat6, tomcat7 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:18605
    P
    		DSA-2725-1 tomcat6 - several
    2014-06-23
    oval:org.mitre.oval:def:24045
    P
    		ELSA-2013:0964: tomcat6 security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:20834
    P
    		RHSA-2013:0964: tomcat6 security update (Moderate)
    2014-02-17
    oval:com.redhat.rhsa:def:20130964
    P
    		RHSA-2013:0964: tomcat6 security update (Moderate)
    2013-06-20
    oval:com.ubuntu.precise:def:20132067000
    V
    		CVE-2013-2067 on Ubuntu 12.04 LTS (precise) - medium.
    2013-06-01
    oval:com.ubuntu.trusty:def:20132067000
    V
    		CVE-2013-2067 on Ubuntu 14.04 LTS (trusty) - medium.
    2013-06-01
    oval:com.ubuntu.xenial:def:201320670000000
    V
    		CVE-2013-2067 on Ubuntu 16.04 LTS (xenial) - medium.
    2013-06-01
    oval:com.ubuntu.xenial:def:20132067000
    V
    		CVE-2013-2067 on Ubuntu 16.04 LTS (xenial) - medium.
    2013-06-01
    BACK
    apache tomcat 6.0.21
    apache tomcat 6.0.24
    apache tomcat 6.0.26
    apache tomcat 6.0.27
    apache tomcat 6.0.28
    apache tomcat 6.0.29
    apache tomcat 6.0.30
    apache tomcat 6.0.31
    apache tomcat 6.0.32
    apache tomcat 6.0.33
    apache tomcat 6.0.35
    apache tomcat 6.0.36
    apache tomcat 7.0.0
    apache tomcat 7.0.0 beta
    apache tomcat 7.0.1
    apache tomcat 7.0.2
    apache tomcat 7.0.2 beta
    apache tomcat 7.0.3
    apache tomcat 7.0.4
    apache tomcat 7.0.4 beta
    apache tomcat 7.0.5
    apache tomcat 7.0.6
    apache tomcat 7.0.7
    apache tomcat 7.0.8
    apache tomcat 7.0.9
    apache tomcat 7.0.10
    apache tomcat 7.0.11
    apache tomcat 7.0.12
    apache tomcat 7.0.13
    apache tomcat 7.0.14
    apache tomcat 7.0.15
    apache tomcat 7.0.16
    apache tomcat 7.0.17
    apache tomcat 7.0.18
    apache tomcat 7.0.19
    apache tomcat 7.0.20
    apache tomcat 7.0.21
    apache tomcat 7.0.22
    apache tomcat 7.0.23
    apache tomcat 7.0.25
    apache tomcat 7.0.28
    apache tomcat 7.0.30
    apache tomcat 7.0.32
    apache tomcat 6
    apache tomcat 7.0.0 beta
    apache tomcat 7.0.1
    apache tomcat 7.0.2
    apache tomcat 7.0.3
    apache tomcat 7.0.4
    apache tomcat 7.0.8
    apache tomcat 7.0.5
    apache tomcat 7.0.6
    apache tomcat 7.0.7
    apache tomcat 7.0.9
    apache tomcat 7.0.10
    apache tomcat 7.0.11
    apache tomcat 7.0.12
    apache tomcat 7.0.13
    apache tomcat 7.0.16
    apache tomcat 7.0.21
    apache tomcat 7.0.0
    apache tomcat 7.0.14
    apache tomcat 7.0.15
    apache tomcat 7.0.17
    apache tomcat 7.0.18
    apache tomcat 7.0.19
    apache tomcat 7.0.2 beta
    apache tomcat 7.0.20
    apache tomcat 7.0.22
    apache tomcat 7.0.23
    apache tomcat 7.0.25
    apache tomcat 7.0.4 beta
    apache tomcat 7.0.28
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6
    ibm tivoli composite application manager 7.3
    ibm sterling b2b integrator 6.0.0.0
    ibm sterling b2b integrator 5.2.0.0