Description

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Remediation

References

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

http://issues.apache.org/bugzilla/show_bug.cgi?id=41217

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

http://rhn.redhat.com/errata/RHSA-2008-0630.html

http://secunia.com/advisories/28549

http://secunia.com/advisories/28552

http://secunia.com/advisories/29242

http://secunia.com/advisories/31493

http://secunia.com/advisories/33668

http://security-tracker.debian.net/tracker/CVE-2008-0128

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

http://www.debian.org/security/2008/dsa-1468

http://www.redhat.com/support/errata/RHSA-2008-0261.html

http://www.securityfocus.com/archive/1/500396/100/0/threaded

http://www.securityfocus.com/archive/1/500412/100/0/threaded

http://www.securityfocus.com/bid/27365

http://www.vupen.com/english/advisories/2008/0192

http://www.vupen.com/english/advisories/2009/0233

https://exchange.xforce.ibmcloud.com/vulnerabilities/39804

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Related Vulnerabilities

CVE-2022-39249 Vulnerability in npm package matrix-js-sdk

CVE-2019-17592 Vulnerability in maven package org.webjars.npm:csv-parse

CVE-2019-13127 Vulnerability in maven package org.webjars.bowergithub.jgraph:mxgraph

CVE-2021-21290 Vulnerability in maven package io.netty:netty-testsuite

CVE-2023-25158 Vulnerability in maven package org.geotools.jdbc:gt-jdbc-oracle

Severity

Critical

Classification

CWE-16

Tags

Patch Vendor Advisory