CVE-2008-0128 (Tomcat) |
|
| BugsAlert Home > CVE-2008-0128 (Tomcat) | |
|
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests, making it easier for remote attackers to capture this cookie. Original Source: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0128 Learn more about CVE-2008-0128 (Tomcat) |
|
| Tags: cve-2008-0128 tomcat | |
Related Items |
|
|
What makes Metasploit tick?
|
|
|
CVE-2008-0029 (AVS)
|
|
|
Vuln: wwwstats Clickstats.PHP Multiple HTML Injection Vulnerabilities
|
|
|
W32.Motsys
|
|
|
CVE-2008-5622 (phpmyadmin)
|
|
|
CVE-2008-1115 (Solaris)
|
|
|
VirusResponse2009
|
|
