Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2015-5346

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.393
EPSS Ranking 97.1%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
References
Products affected by CVE-2015-5346
  • Apache » Tomcat » Version: 7.0.0
    cpe:2.3:a:apache:tomcat:7.0.0
  • Apache » Tomcat » Version: 7.0.10
    cpe:2.3:a:apache:tomcat:7.0.10
  • Apache » Tomcat » Version: 7.0.11
    cpe:2.3:a:apache:tomcat:7.0.11
  • Apache » Tomcat » Version: 7.0.12
    cpe:2.3:a:apache:tomcat:7.0.12
  • Apache » Tomcat » Version: 7.0.14
    cpe:2.3:a:apache:tomcat:7.0.14
  • Apache » Tomcat » Version: 7.0.16
    cpe:2.3:a:apache:tomcat:7.0.16
  • Apache » Tomcat » Version: 7.0.19
    cpe:2.3:a:apache:tomcat:7.0.19
  • Apache » Tomcat » Version: 7.0.2
    cpe:2.3:a:apache:tomcat:7.0.2
  • Apache » Tomcat » Version: 7.0.20
    cpe:2.3:a:apache:tomcat:7.0.20
  • Apache » Tomcat » Version: 7.0.21
    cpe:2.3:a:apache:tomcat:7.0.21
  • Apache » Tomcat » Version: 7.0.22
    cpe:2.3:a:apache:tomcat:7.0.22
  • Apache » Tomcat » Version: 7.0.23
    cpe:2.3:a:apache:tomcat:7.0.23
  • Apache » Tomcat » Version: 7.0.25
    cpe:2.3:a:apache:tomcat:7.0.25
  • Apache » Tomcat » Version: 7.0.26
    cpe:2.3:a:apache:tomcat:7.0.26
  • Apache » Tomcat » Version: 7.0.27
    cpe:2.3:a:apache:tomcat:7.0.27
  • Apache » Tomcat » Version: 7.0.28
    cpe:2.3:a:apache:tomcat:7.0.28
  • Apache » Tomcat » Version: 7.0.29
    cpe:2.3:a:apache:tomcat:7.0.29
  • Apache » Tomcat » Version: 7.0.30
    cpe:2.3:a:apache:tomcat:7.0.30
  • Apache » Tomcat » Version: 7.0.32
    cpe:2.3:a:apache:tomcat:7.0.32
  • Apache » Tomcat » Version: 7.0.33
    cpe:2.3:a:apache:tomcat:7.0.33
  • Apache » Tomcat » Version: 7.0.34
    cpe:2.3:a:apache:tomcat:7.0.34
  • Apache » Tomcat » Version: 7.0.35
    cpe:2.3:a:apache:tomcat:7.0.35
  • Apache » Tomcat » Version: 7.0.37
    cpe:2.3:a:apache:tomcat:7.0.37
  • Apache » Tomcat » Version: 7.0.39
    cpe:2.3:a:apache:tomcat:7.0.39
  • Apache » Tomcat » Version: 7.0.4
    cpe:2.3:a:apache:tomcat:7.0.4
  • Apache » Tomcat » Version: 7.0.40
    cpe:2.3:a:apache:tomcat:7.0.40
  • Apache » Tomcat » Version: 7.0.41
    cpe:2.3:a:apache:tomcat:7.0.41
  • Apache » Tomcat » Version: 7.0.42
    cpe:2.3:a:apache:tomcat:7.0.42
  • Apache » Tomcat » Version: 7.0.47
    cpe:2.3:a:apache:tomcat:7.0.47
  • Apache » Tomcat » Version: 7.0.5
    cpe:2.3:a:apache:tomcat:7.0.5
  • Apache » Tomcat » Version: 7.0.50
    cpe:2.3:a:apache:tomcat:7.0.50
  • Apache » Tomcat » Version: 7.0.52
    cpe:2.3:a:apache:tomcat:7.0.52
  • Apache » Tomcat » Version: 7.0.53
    cpe:2.3:a:apache:tomcat:7.0.53
  • Apache » Tomcat » Version: 7.0.54
    cpe:2.3:a:apache:tomcat:7.0.54
  • Apache » Tomcat » Version: 7.0.55
    cpe:2.3:a:apache:tomcat:7.0.55
  • Apache » Tomcat » Version: 7.0.56
    cpe:2.3:a:apache:tomcat:7.0.56
  • Apache » Tomcat » Version: 7.0.57
    cpe:2.3:a:apache:tomcat:7.0.57
  • Apache » Tomcat » Version: 7.0.59
    cpe:2.3:a:apache:tomcat:7.0.59
  • Apache » Tomcat » Version: 7.0.6
    cpe:2.3:a:apache:tomcat:7.0.6
  • Apache » Tomcat » Version: 7.0.61
    cpe:2.3:a:apache:tomcat:7.0.61
  • Apache » Tomcat » Version: 7.0.62
    cpe:2.3:a:apache:tomcat:7.0.62
  • Apache » Tomcat » Version: 7.0.63
    cpe:2.3:a:apache:tomcat:7.0.63
  • Apache » Tomcat » Version: 7.0.64
    cpe:2.3:a:apache:tomcat:7.0.64
  • Apache » Tomcat » Version: 7.0.65
    cpe:2.3:a:apache:tomcat:7.0.65
  • Apache » Tomcat » Version: 8.0.0
    cpe:2.3:a:apache:tomcat:8.0.0
  • Apache » Tomcat » Version: 8.0.1
    cpe:2.3:a:apache:tomcat:8.0.1
  • Apache » Tomcat » Version: 8.0.11
    cpe:2.3:a:apache:tomcat:8.0.11
  • Apache » Tomcat » Version: 8.0.12
    cpe:2.3:a:apache:tomcat:8.0.12
  • Apache » Tomcat » Version: 8.0.14
    cpe:2.3:a:apache:tomcat:8.0.14
  • Apache » Tomcat » Version: 8.0.15
    cpe:2.3:a:apache:tomcat:8.0.15
  • Apache » Tomcat » Version: 8.0.17
    cpe:2.3:a:apache:tomcat:8.0.17
  • Apache » Tomcat » Version: 8.0.18
    cpe:2.3:a:apache:tomcat:8.0.18
  • Apache » Tomcat » Version: 8.0.20
    cpe:2.3:a:apache:tomcat:8.0.20
  • Apache » Tomcat » Version: 8.0.21
    cpe:2.3:a:apache:tomcat:8.0.21
  • Apache » Tomcat » Version: 8.0.22
    cpe:2.3:a:apache:tomcat:8.0.22
  • Apache » Tomcat » Version: 8.0.23
    cpe:2.3:a:apache:tomcat:8.0.23
  • Apache » Tomcat » Version: 8.0.24
    cpe:2.3:a:apache:tomcat:8.0.24
  • Apache » Tomcat » Version: 8.0.26
    cpe:2.3:a:apache:tomcat:8.0.26
  • Apache » Tomcat » Version: 8.0.27
    cpe:2.3:a:apache:tomcat:8.0.27
  • Apache » Tomcat » Version: 8.0.28
    cpe:2.3:a:apache:tomcat:8.0.28
  • Apache » Tomcat » Version: 8.0.29
    cpe:2.3:a:apache:tomcat:8.0.29
  • Apache » Tomcat » Version: 8.0.3
    cpe:2.3:a:apache:tomcat:8.0.3
  • Apache » Tomcat » Version: 9.0.0
    cpe:2.3:a:apache:tomcat:9.0.0
  • Canonical » Ubuntu Linux » Version: 12.04
    cpe:2.3:o:canonical:ubuntu_linux:12.04
  • Canonical » Ubuntu Linux » Version: 14.04
    cpe:2.3:o:canonical:ubuntu_linux:14.04
  • Canonical » Ubuntu Linux » Version: 15.10
    cpe:2.3:o:canonical:ubuntu_linux:15.10
  • Canonical » Ubuntu Linux » Version: 16.04
    cpe:2.3:o:canonical:ubuntu_linux:16.04
  • Debian » Debian Linux » Version: 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian » Debian Linux » Version: 8.0
    cpe:2.3:o:debian:debian_linux:8.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved