CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Metric | Value
---|---
Access Vector | NETWORK
Access Complexity | LOW
Authentication | NONE
Confidentiality Impact | PARTIAL
Integrity Impact | NONE
Availability Impact | NONE

EPSS: 0.002 Low (Percentile: 54.6%)

Moderate: Session hi-jacking CVE-2008-0128
When the SingleSignOn Valve is used via HTTPS, the JSESSIONIDSSO cookie is transmitted without the “secure” attribute, so it is also sent with any content that is, on purpose or by error, requested via HTTP from the same server.
Affects: 5.0.0-5.0.SVN, 5.5.0-5.5.20
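
A check for the condition described above, as an added example that is not part of the advisory or of Tomcat's code: it inspects the `Set-Cookie` headers of a response received over HTTPS and reports a `JSESSIONIDSSO` cookie that lacks the `Secure` attribute. The function names and the sample headers are constructed for illustration.

```python
# Constructed sample response headers (not captured from a real server).
SAMPLE_HEADERS = [
    ("Set-Cookie", "JSESSIONID=0123ABCD; Path=/app; Secure"),
    ("Set-Cookie", "JSESSIONIDSSO=89EFCAFE; Path=/"),
    ("Content-Type", "text/html"),
]


def cookie_attributes(set_cookie_value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    # The first part is always name=value; it is never treated as an attribute,
    # so a cookie whose *value* happens to be "secure" is not misread.
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def insecure_cookies(headers, scheme, watched=("JSESSIONIDSSO",)):
    """Return names of watched cookies set over HTTPS without the Secure attribute."""
    if scheme.lower() != "https":
        return []  # the advisory concerns cookies issued on an HTTPS response
    findings = []
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = cookie_attributes(value)
        if name in watched and "secure" not in attrs:
            findings.append(name)
    return findings


if __name__ == "__main__":
    for cookie in insecure_cookies(SAMPLE_HEADERS, "https"):
        print(f"{cookie}: set over HTTPS without Secure")
```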
Low: Information disclosure CVE-2008-4308
Bug 40771 may result in the disclosure of POSTed content from a previous request. For a vulnerability to exist, the content read from the input stream must be disclosed, e.g. by writing it to the response and committing the response, before the ArrayIndexOutOfBoundsException occurs, which will halt processing of the request.
Affects: 5.5.10-5.5.20 (5.0.x unknown)
CPE | Name | Operator | Version |
---|---|---|---|
apache tomcat | le | 5.0. | |
apache tomcat | ge | 5.0.0 | |
apache tomcat | ge | 5.5.0 | |
apache tomcat | ge | 5.5.10 | |
apache tomcat | le | 5.5.20 | |