资产安全
商业安全
安全服务
返回- 漏洞ID:1187865
- 漏洞类型:配置错误
- 发布日期:2008-01-20
- 更新时间:2015-03-19
- CVE编号: CVE-2008-0128
- CNNVD-ID:CNNVD-200801-336
- 漏洞平台: N/A
- CVSS评分:5.0
<a href="https://www.securityfocus.com/bid/27365" target="_blank">https://www.securityfocus.com/bid/27365</a><br/> <a href="http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200801-336" target="_blank">http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200801-336</a><br/>
Apache Tomcat 5.5.21之前的版本中的SingleSignOn Valve(org.apache.catalina.authenticator.SingleSignOn)未为https session中的JSESSIONidSSO cookie设置安全的标记,这会导致cookie在http请求中被发送出去,并使得远程攻击者更容易获取该cookie。
来源:issues.apache.org
链接:http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
来源:XF
名称:apache-singlesignon-information-disclosure(39804)
链接:http://xforce.iss.net/xforce/xfdb/39804
来源:BID
名称:27365
链接:http://www.securityfocus.com/bid/27365
来源:BUGTRAQ
名称:20090127CA20090123-01:CohesionTomcatMultipleVulnerabilities(Updated-v1.1)
链接:http://www.securityfocus.com/archive/1/archive/1/500412/100/0/threaded
来源:BUGTRAQ
名称:20090124CA20090123-01:CohesionTomcatMultipleVulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/500396/100/0/threaded
来源:VUPEN
名称:ADV-2009-0233
链接:http://www.frsirt.com/english/advisories/2009/0233
来源:VUPEN
名称:ADV-2008-0192
链接:http://www.frsirt.com/english/advisories/2008/0192
来源:support.ca.com
链接:http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
来源:security-tracker.debian.net
链接:http://security-tracker.debian.net/tracker/CVE-2008-0128
来源:SECUNIA
名称:33668
链接:http://secunia.com/advisories/33668
来源:SECUNIA
名称:31493
链接:http://secunia.com/ad
微信扫码关注公众号
