Lucene search

K
githubGitHub Advisory DatabaseGHSA-2C9M-W27F-53RM
HistoryMar 22, 2023 - 12:30 p.m.

Apache Tomcat vulnerable to Unprotected Transport of Credentials

2023-03-2212:30:16
CWE-523
GitHub Advisory Database
github.com
33
apache tomcat
session cookies
remoteipfilter
insecure channel

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

40.4%

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.

Affected configurations

Vulners
Node
org.apache.tomcattomcat-catalinaRange8.5.08.5.86
OR
org.apache.tomcattomcat-catalinaRange9.0.0-M19.0.72
OR
org.apache.tomcattomcat-catalinaRange10.1.0-M110.1.6
OR
org.apache.tomcattomcat-catalinaRange11.0.0-M111.0.0-M3
VendorProductVersionCPE
org.apache.tomcattomcat-catalina*cpe:2.3:a:org.apache.tomcat:tomcat-catalina:*:*:*:*:*:*:*:*

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

40.4%