Description
This alert was generated using only banner information. It may be a false positive.
Fixed in Apache Tomcat 4.1.39:
-
moderate: Session hi-jacking CVE-2008-0128
When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is transmitted without the "secure" attribute, resulting in it being transmitted to any content that is - by purpose or error - requested via http from the same server. -
low: Cross-site scripting CVE-2008-1232
The message argument of HttpServletResponse.sendError() call is not only displayed on the error page, but is also used for the reason-phrase of HTTP response. This may include characters that are illegal in HTTP headers. It is possible for a specially crafted message to result in arbitrary content being injected into the HTTP response. For a successful XSS attack, unfiltered user supplied data must be included in the message argument. -
important: Information disclosure CVE-2008-2370
When using a RequestDispatcher the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it in under the WEB-INF directory.
Affected Apache Tomcat version (4.1.0 - 4.1.37).
Remediation
Upgrade Apache Tomcat to the latest version.
References
Related Vulnerabilities
WordPress Plugin WP Mobile Detector Unspecified Vulnerability (2.1)
WordPress Plugin W3 Total Cache Multiple Vulnerabilities (0.9.4.1)
WordPress Plugin Modern Events Calendar Lite Multiple Vulnerabilities (5.16.2)
WordPress Plugin Image Gallery-Responsive Photo Gallery SQL Injection (1.0.6)
Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-28336)