Release date:
Updated on:
Affected Systems:
Apache Group Tomcat 6.0.33-6.0.37
Description:
--------------------------------------------------------------------------------
Bugtraq id: 65769
CVE (CAN) ID: CVE-2014-0033
Apache Tomcat is a popular open-source JSP application server program.
Tomcat 6.0.33 through 6.0.37 contains a session fixation vulnerability in its implementation of the disableURLRewriting setting. An attacker who exploits it can hijack arbitrary sessions and gain unauthorized access to affected applications.
Source: Apache Tomcat security team, Saran Neti
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://jakarta.apache.org/tomcat/index.html
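Until the vendor patch is applied, an application can refuse to adopt a session ID that arrived in the URL and rotate the session ID at login, which removes the precondition for the fixation described above. The filter below is an added example against the Servlet 2.5 API that Tomcat 6 implements, not code from Apache Tomcat or this advisory; it assumes the filter is mapped to the protected paths in web.xml and that the application's own login handler calls rotateSessionAfterLogin.

```java
import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Application-level guard against URL-based session fixation for the Servlet 2.5
// API that Tomcat 6 implements (added example, not Tomcat's own code).
public class UrlSessionIdGuardFilter implements Filter {
    public void init(FilterConfig config) {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // A session ID delivered in the URL (;jsessionid=...) is what a fixation
        // attack plants; reject it rather than trusting disableURLRewriting alone.
        if (request.isRequestedSessionIdFromURL()) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                    "Session identifiers in the URL are not accepted");
            return;
        }
        chain.doFilter(request, response);
    }
    public void destroy() {}

    // Login code calls this after verifying credentials and before committing the
    // response. Servlet 2.5 has no changeSessionId(), so the pre-authentication
    // session is invalidated and its attributes are copied into a fresh one.
    public static HttpSession rotateSessionAfterLogin(HttpServletRequest request) {
        Map<String, Object> saved = new HashMap<String, Object>();
        HttpSession old = request.getSession(false);
        if (old != null) {
            Enumeration<?> names = old.getAttributeNames();
            while (names.hasMoreElements()) {
                String name = (String) names.nextElement();
                saved.put(name, old.getAttribute(name));
            }
            old.invalidate();
        }
        HttpSession fresh = request.getSession(true);
        for (Map.Entry<String, Object> e : saved.entrySet()) {
            fresh.setAttribute(e.getKey(), e.getValue());
        }
        return fresh;
    }
}
```

The filter rejects URL-delivered session IDs regardless of whether the container honours disableURLRewriting, and the rotation helper ensures any ID an attacker learned before authentication is never associated with the authenticated session.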