
exploitDog

GHSA-pvjh-7h8q-q56r

Published: May 14, 2022
Source: github
Github: Reviewed

Description

Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
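
A check a defender can run against response headers to find cookies exposed this way. This is an added example, not part of the advisory; the function names are hypothetical and the sample headers are constructed.

```python
# Added example: flag Set-Cookie headers that lack the HttpOnly attribute.
from typing import List, NamedTuple


class CookieFinding(NamedTuple):
    name: str
    http_only: bool


def parse_set_cookie(header_value: str) -> CookieFinding:
    """Split one Set-Cookie value into its name and whether HttpOnly is set."""
    parts = header_value.split(";")
    # The first segment is always name=value; attributes follow it.
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive (RFC 6265). Compare whole attribute
    # names so a cookie *value* containing the text "httponly" does not count.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return CookieFinding(name, "httponly" in attrs)


def cookies_missing_httponly(raw_headers: str) -> List[str]:
    """Return names of cookies set without HttpOnly in a raw header block."""
    missing = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        # Header field names are case-insensitive as well.
        if sep and field.strip().lower() == "set-cookie":
            finding = parse_set_cookie(value)
            if not finding.http_only:
                missing.append(finding.name)
    return missing


# Constructed sample response headers (not captured from a real server).
SAMPLE = """HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/app
Set-Cookie: theme=httponly; Path=/
set-cookie: JSESSIONID=FEDCBA9876543210; Path=/app; Secure; httpOnly
Content-Type: text/html
"""

if __name__ == "__main__":
    for name in cookies_missing_httponly(SAMPLE):
        print(f"cookie {name!r} is readable by page script (no HttpOnly)")
```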

Packages

Name: org.apache.tomcat:tomcat (maven)
Affected versions: >= 6.0.0, < 6.0.35
Fixed version: 6.0.35

EPSS

Percentile: 82%
0.01735
Low

Weaknesses

CWE-1004

Related vulnerabilities

ubuntu
more than 14 years ago

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

redhat
more than 14 years ago

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

nvd
more than 14 years ago

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

debian
more than 14 years ago

The default configuration of Apache Tomcat 6.x does not include the HT ...
