5

CVE-2008-0128

EPSS 3.86%
Published 23.01.2008 02:00:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Affected products Warnungen 0 Metrics 2 CWE 0 References 25

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Tomcat Version <= 5.5.20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.86%	0.878

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

http://www.redhat.com/support/errata/RHSA-2008-0261.html

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

http://secunia.com/advisories/29242

http://secunia.com/advisories/33668

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

http://www.securityfocus.com/archive/1/500396/100/0/threaded

http://www.securityfocus.com/archive/1/500412/100/0/threaded

http://www.vupen.com/english/advisories/2009/0233

http://rhn.redhat.com/errata/RHSA-2008-0630.html

http://secunia.com/advisories/31493

http://secunia.com/advisories/28549

Vendor Advisory

http://www.debian.org/security/2008/dsa-1468

http://issues.apache.org/bugzilla/show_bug.cgi?id=41217

Patch

http://secunia.com/advisories/28552

Vendor Advisory

http://security-tracker.debian.net/tracker/CVE-2008-0128

http://www.securityfocus.com/bid/27365

http://www.vupen.com/english/advisories/2008/0192

https://exchange.xforce.ibmcloud.com/vulnerabilities/39804

https://nvd.nist.gov/vuln/detail/CVE-2008-0128

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-0128

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-0128

EUVD