Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2008-0128

Опубликовано: 23 янв. 2008
Источник: ubuntu
Приоритет: low
CVSS2: 5

Описание

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

РелизСтатусПримечание
dapper

ignored

end of life
devel

DNE

edgy

ignored

end of life, was needed
feisty

ignored

end of life, was needed
gutsy

DNE

hardy

DNE

intrepid

DNE

jaunty

DNE

karmic

DNE

upstream

released

5.5.21

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

edgy

ignored

end of life, was needed
feisty

ignored

end of life, was needed
gutsy

not-affected

5.5.25-1ubuntu1
hardy

not-affected

5.5.25-5ubuntu1
intrepid

not-affected

5.5.25-5ubuntu1
jaunty

not-affected

5.5.25-5ubuntu1
karmic

DNE

upstream

needed

Показывать по

Ссылки на источники

5 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2008-0128

redhat
больше 18 лет назад

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

nvd логотип

CVE-2008-0128

nvd
больше 17 лет назад

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

debian логотип

CVE-2008-0128

debian
больше 17 лет назад

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn ...

github логотип

GHSA-qjw9-54p2-cgcx

github
около 3 лет назад

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

5 Medium

CVSS2

Уязвимость CVE-2008-0128