Lucene search
ApacheCVELIST:CVE-2023-28708HistoryMar 22, 2023 - 10:10 a.m.
CVE-2023-28708 Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations
2023-03-2210:10:58
CWE-523
apache
www.cve.org
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.0-M2",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.5",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.71",
"status": "affected",
"version": "9.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.85",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
}
]
}
]Related
tomcat
tomcat
Fixed in Apache Tomcat 10.1.6
2023-02-24 00:00:00
Fixed in Apache Tomcat 9.0.72
2023-02-23 00:00:00
Fixed in Apache Tomcat 8.5.86
2023-02-24 00:00:00
kaspersky
kaspersky
KLA48634 OSI vulnerability in Apache Tomcat
2023-02-23 00:00:00
KLA48635 OSI vulnerability in Apache Tomcat
2023-02-24 00:00:00
redhatcve
redhatcve
CVE-2023-28708
2023-03-24 13:07:53
nvd
nvd
CVE-2023-28708
2023-03-22 11:15:10
nessus
nessus
SUSE SLES15 Security Update : tomcat (SUSE-SU-2023:1669-1)
2023-03-30 00:00:00
Apache Tomcat 9.0.0.M1 < 9.0.72
2023-03-22 00:00:00
Nutanix AOS : (NXSA-AOS-6.5.3.5)
2023-07-09 00:00:00
ubuntucve
ubuntucve
CVE-2023-28708
2023-03-22 00:00:00
openvas
openvas
Apache Tomcat Information Disclosure Vulnerability (Mar 2023) - Windows
2023-03-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:1669-1)
2023-03-30 00:00:00
Apache Tomcat Information Disclosure Vulnerability (Mar 2023) - Linux
2023-03-23 00:00:00
debiancve
debiancve
CVE-2023-28708
2023-03-22 11:15:10
osv
osv
CVE-2023-28708
2023-03-22 11:15:10
Apache Tomcat vulnerable to Unprotected Transport of Credentials
2023-03-22 12:30:16
BIT-tomcat-2023-28708
2024-03-06 11:08:55
ibm
ibm
cve
cve
CVE-2023-28708
2023-03-22 11:15:10
prion
prion
Authentication flaw
2023-03-22 11:15:00
atlassian
atlassian
Upgrade Tomcat for CVE-2023-28708
2023-03-23 22:22:39
Upgrade Tomcat for CVE-2023-28708
2023-03-27 12:10:30
f5
f5
K000133402 : Apache Tomcat vulnerability CVE-2023-28708
2023-04-05 00:00:00
github
github
Apache Tomcat vulnerable to Unprotected Transport of Credentials
2023-03-22 12:30:16
veracode
veracode
Information Disclosure
2023-03-24 01:12:16
photon
photon
Moderate Photon OS Security Update - PHSA-2023-4.0-0393
2023-05-17 00:00:00
Moderate Photon OS Security Update - PHSA-2023-3.0-0581
2023-05-17 00:00:00
debian
debian
[SECURITY] [DLA 3384-1] tomcat9 security update
2023-04-05 19:47:31
[SECURITY] [DSA 5381-1] tomcat9 security update
2023-04-05 20:24:17
amazon
amazon
Important: tomcat8
2023-04-13 19:01:00
Important: tomcat
2023-04-27 18:36:00
oraclelinux
oraclelinux
tomcat security and bug fix update
2023-11-11 00:00:00
tomcat security and bug fix update
2023-11-17 00:00:00
almalinux
almalinux
Moderate: tomcat security and bug fix update
2023-11-14 00:00:00
Moderate: tomcat security and bug fix update
2023-11-07 00:00:00
redhat
redhat
(RHSA-2023:6570) Moderate: tomcat security and bug fix update
2023-11-07 06:08:48
(RHSA-2023:7065) Moderate: tomcat security and bug fix update
2023-11-14 08:44:23
mageia
mageia
Updated tomcat packages fix security vulnerability
2023-04-15 22:03:44
rosalinux
rosalinux
Advisory ROSA-SA-2023-2258
2023-10-21 16:49:43
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00