CVE-2008-0128

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Severity: UNKNOWN
AV:N/AC:L/Au:N/C:P/I:N/A:N
Atk. Vector: NETWORK
Atk. Complexity: LOW
Base Score
CVSS 3.x
EPSS Score, Percentile: 77%
Vendor: apache
Product: tomcat
Version: 𝑥 ≤ 5.5.20
𝑥 = Vulnerable software versions
Ubuntu Releases

Ubuntu Product: tomcat5
Codename:
  karmic: dne
  jaunty: dne
  intrepid: dne
  hardy: dne
  gutsy: dne
  feisty: ignored
  edgy: ignored
  dapper: ignored

Ubuntu Product: tomcat5.5
Codename:
  karmic: dne
  jaunty: not-affected
  intrepid: not-affected
  hardy: not-affected
  gutsy: not-affected
  feisty: ignored
  edgy: ignored
  dapper: dne
Common Weakness Enumeration
References