CVE-2010-4312 Vulnerability in maven package org.apache.tomcat:tomcat

Description

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

Remediation

References

http://www.securityfocus.com/archive/1/514866/100/0/threaded

Related Vulnerabilities

CVE-2010-2276 Vulnerability in npm package dojo

CVE-2011-2730 Vulnerability in maven package org.springframework:spring-web

CVE-2011-2730 Vulnerability in maven package org.springframework:spring-core

CVE-2013-4221 Vulnerability in maven package org.restlet:org.restlet

CVE-2008-0128 Vulnerability in maven package tomcat:catalina

Severity

Critical

Classification

CWE-16