Description
Fixed in Apache Tomcat 6.0.9:
moderate: Session hi-jacking CVE-2008-0128
When using the SingleSignOn Valve via https, the JSESSIONIDSSO cookie is transmitted without the "secure" attribute. As a result, it is also sent with any content that is requested via http from the same server, whether on purpose or by error.
Affected Apache Tomcat versions: 6.0.0 - 6.0.8.
Remediation
Upgrade Apache Tomcat to the latest version.
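To confirm the fix after upgrading, the Set-Cookie headers returned over https can be checked for the "secure" attribute on JSESSIONIDSSO. The following is an added example, not part of the original advisory or of Tomcat's code; the function names and the sample header values are constructed for illustration.

```python
"""Check Set-Cookie headers for a missing Secure attribute (added example)."""

SSO_COOKIE = "JSESSIONIDSSO"  # cookie name taken from the advisory


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are lower-cased because they are case-insensitive;
    flag attributes such as Secure map to True.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing or doubled ';'
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value.strip(), attrs


def cookies_missing_secure(set_cookie_headers, names=(SSO_COOKIE,)):
    """Return the watched cookie names that were set without Secure.

    set_cookie_headers: Set-Cookie values taken from an https response.
    """
    missing = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        if name in names and "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed sample headers, not captured from a real server.
BEFORE_FIX = [
    "JSESSIONID=0123456789ABCDEF; Path=/app; Secure",
    # The value contains the word "secure"; a substring search would miss this.
    "JSESSIONIDSSO=secure-looking-value; Path=/",
]
AFTER_FIX = [
    "JSESSIONID=0123456789ABCDEF; Path=/app; Secure",
    "JSESSIONIDSSO=FEDCBA9876543210; Path=/; SECURE",
]

if __name__ == "__main__":
    print("before fix:", cookies_missing_secure(BEFORE_FIX))
    print("after fix: ", cookies_missing_secure(AFTER_FIX))
```

The check parses attributes rather than searching the header text, so a cookie whose value merely contains the word "secure" is still reported.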