Lucene search
HistoryNov 26, 2010 - 8:00 p.m.
CVE-2010-4312
apache tomcat
tomcat 6.x
httponly flag
set-cookie header
session hijacking
remote attackers
nvd
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
4.4 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
58.5%
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
Affected configurations
Node
apachetomcatMatch6.0
ORapachetomcatMatch6.0.0
ORapachetomcatMatch6.0.1
ORapachetomcatMatch6.0.2
ORapachetomcatMatch6.0.3
ORapachetomcatMatch6.0.4
ORapachetomcatMatch6.0.5
ORapachetomcatMatch6.0.6
ORapachetomcatMatch6.0.7
ORapachetomcatMatch6.0.8
ORapachetomcatMatch6.0.9
ORapachetomcatMatch6.0.10
ORapachetomcatMatch6.0.11
ORapachetomcatMatch6.0.12
ORapachetomcatMatch6.0.13
ORapachetomcatMatch6.0.14
ORapachetomcatMatch6.0.15
ORapachetomcatMatch6.0.16
ORapachetomcatMatch6.0.17
ORapachetomcatMatch6.0.18
ORapachetomcatMatch6.0.19
ORapachetomcatMatch6.0.20
ORapachetomcatMatch6.0.24
ORapachetomcatMatch6.0.26
ORapachetomcatMatch6.0.27
ORapachetomcatMatch6.0.28
ORapachetomcatMatch6.0.29
Related
ubuntucve
ubuntucve
CVE-2010-4312
2010-11-26 00:00:00
cvelist
cvelist
CVE-2010-4312
2010-11-26 19:00:00
prion
prion
Default configuration
2010-11-26 20:00:00
nvd
nvd
CVE-2010-4312
2010-11-26 20:00:05
github
github
Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header
2022-05-14 02:42:23
osv
osv
Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header
2022-05-14 02:42:23
nessus
nessus
Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities
2011-02-11 00:00:00
Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities
2011-02-14 00:00:00
GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities
2012-06-25 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
2012-08-10 00:00:00
Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
2012-08-10 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2012-06-24 00:00:00
ibm
ibm
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
4.4 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
58.5%
Related for CVE-2010-4312