Описание
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | |
| hardy | DNE | |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | ignored | end of life |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | ignored | configuration issue |
| hardy | DNE | |
| karmic | ignored | end of life |
| lucid | ignored | end of life |
| maverick | ignored | end of life |
| upstream | needs-triage |
Показывать по
EPSS
6.4 Medium
CVSS2
Связанные уязвимости
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
The default configuration of Apache Tomcat 6.x does not include the HT ...
Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header
EPSS
6.4 Medium
CVSS2