Количество 10
Количество 10
GHSA-2c9m-w27f-53rm
Apache Tomcat vulnerable to Unprotected Transport of Credentials
CVE-2023-28708
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
CVE-2023-28708
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
CVE-2023-28708
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
CVE-2023-28708
When using the RemoteIpFilter with requests received from a reverse ...
SUSE-SU-2023:1672-1
Security update for tomcat
SUSE-SU-2023:1669-1
Security update for tomcat
SUSE-SU-2023:1769-1
Security update for tomcat
ELSA-2023-7065
ELSA-2023-7065: tomcat security and bug fix update (MODERATE)
ELSA-2023-6570
ELSA-2023-6570: tomcat security and bug fix update (MODERATE)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-2c9m-w27f-53rm Apache Tomcat vulnerable to Unprotected Transport of Credentials | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-28708 When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-28708 When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-28708 When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
| CVE-2023-28708 When using the RemoteIpFilter with requests received from a reverse ... | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
 | SUSE-SU-2023:1672-1 Security update for tomcat | 0% Низкий | больше 2 лет назад | |
| SUSE-SU-2023:1669-1 Security update for tomcat | 0% Низкий | больше 2 лет назад | |
| SUSE-SU-2023:1769-1 Security update for tomcat | около 2 лет назад | ||
| ELSA-2023-7065 ELSA-2023-7065: tomcat security and bug fix update (MODERATE) | больше 1 года назад | ||
| ELSA-2023-6570 ELSA-2023-6570: tomcat security and bug fix update (MODERATE) | больше 1 года назад |
Уязвимостей на страницу