QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2008-0128

Back to search

CVE-2008-0128

Published: Jan 23, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

VendorProductVersions

n/a

n/a

affected
n/a

References

RHSA-2008:0630
vendor-advisory
x_refsource_REDHAT
27365
vdb-entry
x_refsource_BID
31493
third-party-advisory
x_refsource_SECUNIA
29242
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2008:005
vendor-advisory
x_refsource_SUSE
33668
third-party-advisory
x_refsource_SECUNIA
28549
third-party-advisory
x_refsource_SECUNIA
ADV-2008-0192
vdb-entry
x_refsource_VUPEN
ADV-2009-0233
vdb-entry
x_refsource_VUPEN
DSA-1468
vendor-advisory
x_refsource_DEBIAN
RHSA-2008:0261
vendor-advisory
x_refsource_REDHAT
28552
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now