CVE-2010-4312

Опубликовано: 26 нояб. 2010

Источник: debian

EPSS Низкий

Описание

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
tomcat6	fixed	6.0.35-5		package
tomcat6	not-affected		lenny	package

EPSS

Процентиль: 82%

0.01735

Низкий

Связанные уязвимости

CVE-2010-4312

ubuntu

больше 14 лет назад

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

CVE-2010-4312

redhat

больше 14 лет назад

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

CVE-2010-4312

nvd

больше 14 лет назад

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

GHSA-pvjh-7h8q-q56r

github

около 3 лет назад

Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header

EPSS

Процентиль: 82%

0.01735

Низкий