Description
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
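A check for the condition described above, as an added example that is not part of the original advisory or of Tomcat's code: it scans captured `Set-Cookie` headers and reports any JSESSIONIDSSO cookie issued in an https response without the `Secure` attribute. The function names, host names and cookie values are assumptions constructed for illustration.

```python
from typing import Iterable, List, NamedTuple, Tuple

SSO_COOKIE = "JSESSIONIDSSO"  # cookie named in the description above


class Finding(NamedTuple):
    url: str
    cookie: str


def parse_set_cookie(header: str):
    """Split one Set-Cookie value into (name, value, {attr_lower: attr_value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value, attrs


def audit(responses: Iterable[Tuple[str, List[str]]]) -> List[Finding]:
    """responses: (url, [Set-Cookie header values]) pairs from a capture or proxy log."""
    findings = []
    for url, set_cookies in responses:
        if not url.lower().startswith("https://"):
            continue  # the flaw concerns the cookie as issued inside an https session
        for header in set_cookies:
            name, _, attrs = parse_set_cookie(header)
            # Only the attribute list counts; "secure" inside the value or path does not.
            if name == SSO_COOKIE and "secure" not in attrs:
                findings.append(Finding(url, name))
    return findings


# Constructed sample responses (hypothetical hosts and cookie values).
SAMPLE = [
    ("https://sso.example.test/app1/login",
     ["JSESSIONIDSSO=A1B2C3; Path=/", "JSESSIONID=XYZ; Path=/app1; Secure"]),
    ("https://sso.example.test/app2/", ["JSESSIONIDSSO=D4E5F6; Path=/; secure"]),
    ("http://sso.example.test/public/", ["JSESSIONIDSSO=000000; Path=/"]),
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f.cookie} set without Secure on {f.url}")
```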
Remediation
References