CVE-2014-0033
Improper Input Validation in Apache Tomcat
EPSS 12.5%
Description
org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.
How to fix CVE-2014-0033
To remediate CVE-2014-0033, upgrade the affected package to a fixed version below.
- Maven/org.apache.tomcat:tomcat—upgrade to 6.0.38 or later
Is CVE-2014-0033 being exploited?
Moderate — EPSS is 12.5%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- >= 6.0.33, < 6.0.38