CVE-2010-4312
EUVD-2022-482726.11.2010, 20:00
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apache | tomcat | 6.0 |
| apache | tomcat | 6.0.0 |
| apache | tomcat | 6.0.1 |
| apache | tomcat | 6.0.2 |
| apache | tomcat | 6.0.3 |
| apache | tomcat | 6.0.4 |
| apache | tomcat | 6.0.5 |
| apache | tomcat | 6.0.6 |
| apache | tomcat | 6.0.7 |
| apache | tomcat | 6.0.8 |
| apache | tomcat | 6.0.9 |
| apache | tomcat | 6.0.10 |
| apache | tomcat | 6.0.11 |
| apache | tomcat | 6.0.12 |
| apache | tomcat | 6.0.13 |
| apache | tomcat | 6.0.14 |
| apache | tomcat | 6.0.15 |
| apache | tomcat | 6.0.16 |
| apache | tomcat | 6.0.17 |
| apache | tomcat | 6.0.18 |
| apache | tomcat | 6.0.19 |
| apache | tomcat | 6.0.20 |
| apache | tomcat | 6.0.24 |
| apache | tomcat | 6.0.26 |
| apache | tomcat | 6.0.27 |
| apache | tomcat | 6.0.28 |
| apache | tomcat | 6.0.29 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration