This alert was generated using only banner information. It may be a false positive.
Fixed in Apache Tomcat 6.0.9:
moderate: Session hi-jacking CVE-2008-0128
When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is transmitted without the "secure" attribute, resulting in it being transmitted to any content that is - by purpose or error - requested via http from the same server.
Affected Apache Tomcat version (6.0.0 - 6.0.8).
- moderate: Session hi-jacking CVE-2008-0128
- Upgrade Apache Tomcat to the latest version.
- WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability (0.6.2 - 2.0.2)
- WordPress Plugin Ninja Forms-The Easy and Powerful Forms Builder Security Bypass (3.0.30)
- WordPress Plugin GD Rating System Cross-Site Scripting (2.0.2)
- WordPress Plugin WordPress Mobile Pack Information Disclosure (2.0.1)
- WordPress Plugin Limit Login Attempts Security Bypass (1.7.0)