Lucene search
HistoryNov 26, 2010 - 8:00 p.m.
CVE-2010-4312
apache tomcat
tomcat 6.x
httponly flag
set-cookie header
session hijacking
remote attackers
nvd
5.3 Medium
AI Score
Confidence
High
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.002 Low
EPSS
Percentile
57.9%
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
Related
github
github
Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header
2022-05-14 02:42:23
ubuntucve
ubuntucve
CVE-2010-4312
2010-11-26 00:00:00
prion
prion
Default configuration
2010-11-26 20:00:00
osv
osv
Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header
2022-05-14 02:42:23
nessus
nessus
Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities
2011-02-11 00:00:00
Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities
2011-02-14 00:00:00
GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities
2012-06-25 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
2012-08-10 00:00:00
Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
2012-08-10 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2012-06-24 00:00:00
ibm
ibm
5.3 Medium
AI Score
Confidence
High
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.002 Low
EPSS
Percentile
57.9%
Related for CVE-2010-4312