5

CVE-2008-0128

EPSS 3.86%
Veröffentlicht 23.01.2008 02:00:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 25

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version <= 5.5.20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.86%	0.877

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

http://www.redhat.com/support/errata/RHSA-2008-0261.html

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

http://secunia.com/advisories/29242

http://secunia.com/advisories/33668

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

http://www.securityfocus.com/archive/1/500396/100/0/threaded

http://www.securityfocus.com/archive/1/500412/100/0/threaded

http://www.vupen.com/english/advisories/2009/0233

http://rhn.redhat.com/errata/RHSA-2008-0630.html

http://secunia.com/advisories/31493

http://secunia.com/advisories/28549

Vendor Advisory

http://www.debian.org/security/2008/dsa-1468

http://issues.apache.org/bugzilla/show_bug.cgi?id=41217

Patch

http://secunia.com/advisories/28552

Vendor Advisory

http://security-tracker.debian.net/tracker/CVE-2008-0128

http://www.securityfocus.com/bid/27365

http://www.vupen.com/english/advisories/2008/0192

https://exchange.xforce.ibmcloud.com/vulnerabilities/39804

https://nvd.nist.gov/vuln/detail/CVE-2008-0128

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-0128

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-0128

EUVD