The Register on MSN · 2d
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild'
One PUT request, one poisoned session file, and the server’s yours
A trivial flaw in Apache Tomcat that allows remote code ...
2d · on MSN
The researchers added that the attack is “dead simple” to execute, and requires no authentication. The only requirement is that Tomcat is using file-based session storage which, according to the ...
A successful session hijacking cannot be performed unless the hacker knows the victim’s session key or session ID. If he can steal the session cookies, he can take over the user’s session.