Description
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the Secure flag on the JSESSIONIDSSO cookie when it is issued in an HTTPS session. Without that flag the browser will also send the cookie over plain HTTP requests to the same host, which makes it easier for remote attackers to capture the single-sign-on cookie in transit.
Remediation
Upgrade to Apache Tomcat 5.5.21 or later, where the SingleSignOn Valve marks the JSESSIONIDSSO cookie as Secure when it is set during an HTTPS session.
References
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://secunia.com/advisories/28549
http://secunia.com/advisories/28552
http://secunia.com/advisories/29242
http://secunia.com/advisories/31493
http://secunia.com/advisories/33668
http://security-tracker.debian.net/tracker/CVE-2008-0128
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://www.debian.org/security/2008/dsa-1468
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.securityfocus.com/bid/27365
http://www.vupen.com/english/advisories/2008/0192
http://www.vupen.com/english/advisories/2009/0233
https://exchange.xforce.ibmcloud.com/vulnerabilities/39804
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
Related Vulnerabilities
CVE-2019-14863 Vulnerability in maven package org.webjars.npm:angular
CVE-2019-12406 Vulnerability in maven package org.apache.cxf:cxf-core
CVE-2023-30515 Vulnerability in maven package io.jenkins.plugins:thycotic-devops-secrets-vault
CVE-2023-45282 Vulnerability in npm package openmct
CVE-2023-37945 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp