CVE-2008-0128 in Tomcatinfo

Zusammenfassung

von MITRE

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

07.01.2008

Veröffentlichung

22.01.2008

Moderieren

akzeptiert

Eintrag

VDB-40656

CPE

bereit

CWE

CWE-16 (bestätigt)

CVSS

5.0 (NVD)

EPSS

0.03966

KEV

nein

Aktivitäten

very low

Sektor

Government, Transportation, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-0128
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-0128
CVE Details	https://www.cvedetails.com/cve/CVE-2008-0128/

◂ Zurück Übersicht Weiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!