Apache Tomcat version older than 6.0.9

Apache Tomcat version older than 6.0.9

Published on 2009-02-26. Updated on 2009-02-26.

Description:

Fixed in Apache Tomcat 6.0.9:

• moderate: Session hi-jacking CVE-2008-0128
  When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is transmitted without the "secure" attribute, resulting in it being transmitted to any content that is - by purpose or error - requested via http from the same server.

Affected Apache Tomcat version (6.0.0 - 6.0.8).

Impact:
Session hi-jacking

Recommendation:
Upgrade Apache Tomcat to the latest version.

Tags: Scripts

Alert Tags: configuration
ApplicableApplicationServer : All
ApplicableOS: All
ApplicableWebServer: Apache Tomcat

References:

Apache Tomcat 6.x vulnerabilities

Go Back

• Product Information
• Download
• Product Tour
• Brochure (PDF)
• Pricing
• Testimonials
• Customer references
• Resell Acunetix
• Acunetix in the Press
• List of vulnerability checks

• Learn more
• SQL Injection
• Cross site scripting
• Web Security
• Directory Traversal
• Ajax Application Security
• Google Hacking