CVE-2019-17563 vulnerability in Apache and Other Products
Published on December 23, 2019

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2019-17563

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-17563 are published in these products:

Apache Tomcat

Canonical Ubuntu Linux

Debian Linux

OpenSuse Leap

Oracle Transportation Management

Oracle Retail Order Broker

Oracle Micros Relate Crm Software

Oracle Instantis Enterprisetrack

Oracle Hyperion Infrastructure Technology

Oracle Agile Engineering Data Management

Oracle Mysql Enterprise Monitor

Affected Versions

Apache Software Foundation Apache Tomcat:

Version 9.0.0.M1 to 9.0.29 is affected.
Version 8.5.0 to 8.5.49 is affected.
Version 7.0.0 to 7.0.98 is affected.

Exploit Probability

EPSS

2.43%

Percentile

84.94%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-17563 vulnerability in Apache and Other ProductsPublished on December 23, 2019

Products Associated with CVE-2019-17563

Affected Versions

Exploit Probability

CVE-2019-17563 vulnerability in Apache and Other Products
Published on December 23, 2019