CVE-2015-5346

HIGH Year: 2015
CVSS v3 Score
8.1
High
CVSS v2 Score
6.8
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.

Related Vulnerabilities

CVE-2006-5160

HIGH
CVSS:8.1(High)

Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment...

NVD-CWE-Other2006

CVE-2012-0003

HIGH
CVSS:8.1(High)

Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote at...

NVD-CWE-Other2012

CVE-2012-0063

HIGH
CVSS:8.1(High)

Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code ith the permissions of the user running tucan.

NVD-CWE-Other2012

CVE-2013-6040

HIGH
CVSS:8.1(High)

MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 vulnerable to arbitrary code via a crafted HTML document. Latest versions (4.0) of MW6 Aztec, DataMatrix, and MaxiCode ActiveX c...

NVD-CWE-Other2013

CVE-2014-2680

HIGH
CVSS:8.1(High)

The update process in Xmind 3.4.1 and earlier allow remote attackers to execute arbitrary code via a man-in-the-middle attack.

NVD-CWE-Other2014

CVE-2015-6184

HIGH
CVSS:8.1(High)

The CAttrArray object implementation in Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and memory corruption) v...

NVD-CWE-Other2015