google-code-export / red5

Automatically exported from code.google.com/p/red5

FormAuthenticator class for Tomcat can be exploited to Hijack Session #443

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
I don't have a step by step on how to exploit the session, but when performing 
a security scan it was revealed that this was an error. The fix is to upgrade 
Apache Tomcat to 6.0.37.

What is the expected output? What do you see instead?
There is no clear-cut way to show output; the link to the patched issue can be 
found on the Apache Tomcat website:
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html

What version of the product are you using? On what operating system?
red5-server-1.0

Please provide any additional information below.
Is there any plan to update the Apache Tomcat part of this product?

Original issue reported on code.google.com by lild...@gmail.com on 25 Sep 2013 at 8:42

GoogleCodeExporter commented 9 years ago
We've moved past Tomcat 6 and utilize Tomcat 7 now in the latest builds; I 
assume this issue doesn't exist in 7?

Original comment by mondain on 27 Sep 2013 at 7:01

GoogleCodeExporter commented 9 years ago
Which red5 download contains the new Tomcat 7? I'm currently looking at the 
red5-1.0.1 version.

Original comment by lild...@gmail.com on 27 Sep 2013 at 9:02