When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.
{ "binaries": [ { "binary_name": "libservlet3.0-java", "binary_version": "7.0.52-1ubuntu0.16+esm1" }, { "binary_name": "libtomcat7-java", "binary_version": "7.0.52-1ubuntu0.16+esm1" }, { "binary_name": "tomcat7", "binary_version": "7.0.52-1ubuntu0.16+esm1" }, { "binary_name": "tomcat7-admin", "binary_version": "7.0.52-1ubuntu0.16+esm1" }, { "binary_name": "tomcat7-common", "binary_version": "7.0.52-1ubuntu0.16+esm1" }, { "binary_name": "tomcat7-docs", "binary_version": "7.0.52-1ubuntu0.16+esm1" }, { "binary_name": "tomcat7-examples", "binary_version": "7.0.52-1ubuntu0.16+esm1" }, { "binary_name": "tomcat7-user", "binary_version": "7.0.52-1ubuntu0.16+esm1" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libservlet3.1-java", "binary_version": "8.0.32-1ubuntu1.11" }, { "binary_name": "libtomcat8-java", "binary_version": "8.0.32-1ubuntu1.11" }, { "binary_name": "tomcat8", "binary_version": "8.0.32-1ubuntu1.11" }, { "binary_name": "tomcat8-admin", "binary_version": "8.0.32-1ubuntu1.11" }, { "binary_name": "tomcat8-common", "binary_version": "8.0.32-1ubuntu1.11" }, { "binary_name": "tomcat8-docs", "binary_version": "8.0.32-1ubuntu1.11" }, { "binary_name": "tomcat8-examples", "binary_version": "8.0.32-1ubuntu1.11" }, { "binary_name": "tomcat8-user", "binary_version": "8.0.32-1ubuntu1.11" } ] }
{ "binaries": [ { "binary_name": "libservlet3.0-java", "binary_version": "7.0.68-1ubuntu0.4+esm3" }, { "binary_name": "libtomcat7-java", "binary_version": "7.0.68-1ubuntu0.4+esm3" }, { "binary_name": "tomcat7", "binary_version": "7.0.68-1ubuntu0.4+esm3" }, { "binary_name": "tomcat7-admin", "binary_version": "7.0.68-1ubuntu0.4+esm3" }, { "binary_name": "tomcat7-common", "binary_version": "7.0.68-1ubuntu0.4+esm3" }, { "binary_name": "tomcat7-docs", "binary_version": "7.0.68-1ubuntu0.4+esm3" }, { "binary_name": "tomcat7-examples", "binary_version": "7.0.68-1ubuntu0.4+esm3" }, { "binary_name": "tomcat7-user", "binary_version": "7.0.68-1ubuntu0.4+esm3" } ] }
{ "binaries": [ { "binary_name": "libtomcat8-embed-java", "binary_version": "8.5.39-1ubuntu1~18.04.3+esm5" }, { "binary_name": "libtomcat8-java", "binary_version": "8.5.39-1ubuntu1~18.04.3+esm5" }, { "binary_name": "tomcat8", "binary_version": "8.5.39-1ubuntu1~18.04.3+esm5" }, { "binary_name": "tomcat8-admin", "binary_version": "8.5.39-1ubuntu1~18.04.3+esm5" }, { "binary_name": "tomcat8-common", "binary_version": "8.5.39-1ubuntu1~18.04.3+esm5" }, { "binary_name": "tomcat8-docs", "binary_version": "8.5.39-1ubuntu1~18.04.3+esm5" }, { "binary_name": "tomcat8-examples", "binary_version": "8.5.39-1ubuntu1~18.04.3+esm5" }, { "binary_name": "tomcat8-user", "binary_version": "8.5.39-1ubuntu1~18.04.3+esm5" } ] }
{ "binaries": [ { "binary_name": "libtomcat9-embed-java", "binary_version": "9.0.16-3ubuntu0.18.04.2+esm7" }, { "binary_name": "libtomcat9-java", "binary_version": "9.0.16-3ubuntu0.18.04.2+esm7" }, { "binary_name": "tomcat9", "binary_version": "9.0.16-3ubuntu0.18.04.2+esm7" }, { "binary_name": "tomcat9-admin", "binary_version": "9.0.16-3ubuntu0.18.04.2+esm7" }, { "binary_name": "tomcat9-common", "binary_version": "9.0.16-3ubuntu0.18.04.2+esm7" }, { "binary_name": "tomcat9-docs", "binary_version": "9.0.16-3ubuntu0.18.04.2+esm7" }, { "binary_name": "tomcat9-examples", "binary_version": "9.0.16-3ubuntu0.18.04.2+esm7" }, { "binary_name": "tomcat9-user", "binary_version": "9.0.16-3ubuntu0.18.04.2+esm7" } ] }