Apache Tomcat Information Disclosure Vulnerability (Mar 2023) - Linux
Apache Tomcat is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apache:tomcat"...
CVE-2023-28708 Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...
CVE-2023-28708
CVE-2023-28708 affects Apache Tomcat where RemoteIpFilter processed requests from reverse proxies with X-Forwarded-Proto: https, causing session cookies to be set without the secure attribute across several lines of Tomcat releases (8.5.0–8.5.85, 9.0.0-M1–9.0.71, 10.1.0-M1–10.1.5, 11.0.0-M1–11.0....
Apache Tomcat 9.0.0.M1 < 9.0.72
The version of Tomcat installed on the remote host is prior to 9.0.72. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.72_security-9 advisory. - When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the...
Fixed in Apache Tomcat 10.1.6
Important: Apache Tomcat information disclosure CVE-2023-28708 When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Tomcat did not include the secure attribute. This could result in th...
CVE-2022-21940
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool SCT version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie...
CVE-2022-21940
Summary: CVE-2022-21940 affects Johnson Controls System Configuration Tool (SCT) versions 14 before 14.2.3 and 15 before 15.0.3. The issue is a sensitive cookie in HTTPS session without the Secure attribute, which could allow cookie exposure. Root cause: cookies accepted in HTTPS sessions with...
CVE-2022-21940 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in System Configuration Tool (SCT)
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool SCT version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie...
PT-2023-12674 · Johnson Controls · Johnson Controls System Configuration Tool
Name of the Vulnerable Software and Affected Versions: Johnson Controls System Configuration Tool SCT versions 14 prior to 14.2.3; Johnson Controls System Configuration Tool SCT versions 15 prior to 15.0.3. Description: The issue allows access to a sensitive cookie in an HTTPS session due to the la...
Siemens Desigo PXC and DXR Devices Sensitive Cookie in Https Session Without Secure Attribute (CVE-2022-24045)
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The application, after a successful login, sets the session cookie on the browser...
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. This issue is...
CVE-2023-0055
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32...
pyload security vulnerability
pyload is a free and open source download manager written in Python, designed to be extremely lightweight, easily extensible, and fully manageable over the Web. A security vulnerability exists in versions prior to pyload...
PT-2023-15974 · Pypi · Pyload
Name of the Vulnerable Software and Affected Versions: pyload/pyload versions prior to 0.5.0b3.dev32. Description: The issue concerns a sensitive cookie in HTTPS sessions without the 'Secure' attribute set. This could cause the user agent to send those cookies in plaintext over an HTTP session...
CVE-2023-0055 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in pyload/pyload
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32...
GHSA-HHXG-PX5H-JC32 Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The name of the pat...
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The name of the pat...