Description
This alert was generated using only banner information. It may be a false positive.
Fixed in Apache Tomcat 4.1.39:
-
moderate: Session hi-jacking CVE-2008-0128
When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is transmitted without the "secure" attribute, resulting in it being transmitted to any content that is - by purpose or error - requested via http from the same server. -
low: Cross-site scripting CVE-2008-1232
The message argument of HttpServletResponse.sendError() call is not only displayed on the error page, but is also used for the reason-phrase of HTTP response. This may include characters that are illegal in HTTP headers. It is possible for a specially crafted message to result in arbitrary content being injected into the HTTP response. For a successful XSS attack, unfiltered user supplied data must be included in the message argument. -
important: Information disclosure CVE-2008-2370
When using a RequestDispatcher the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it in under the WEB-INF directory.
Affected Apache Tomcat version (4.1.0 - 4.1.37).
Remediation
Upgrade Apache Tomcat to the latest version.
References
Related Vulnerabilities
Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24598)
Apache HTTP Server Other Vulnerability (CVE-1999-1293)
MySQL CVE-2019-2834 Vulnerability (CVE-2019-2834)
PrestaShop CVE-2018-13784 Vulnerability (CVE-2018-13784)
WordPress Plugin LittleBot ACH for Stripe + Plaid Unspecified Vulnerability (1.2.6)