5
CVE-2008-0128
- EPSS 19.62%
- Veröffentlicht 23.01.2008 02:00:00
- Zuletzt bearbeitet 16.06.2026 22:48:59
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 19.62% | 0.97 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/29242
http://secunia.com/advisories/33668
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.vupen.com/english/advisories/2009/0233
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://secunia.com/advisories/31493
http://secunia.com/advisories/28549
http://www.debian.org/security/2008/dsa-1468
http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
http://secunia.com/advisories/28552
http://security-tracker.debian.net/tracker/CVE-2008-0128
http://www.securityfocus.com/bid/27365
http://www.vupen.com/english/advisories/2008/0192
https://exchange.xforce.ibmcloud.com/vulnerabilities/39804