ID CVE-2008-0128
Summary The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 5.5.20
    cpe:2.3:a:apache:tomcat:5.5.20
CVSS
Base: 5.0 (as of 23-01-2008 - 10:10)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0630.NASL
    description Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. During an internal security audit, it was discovered that Red Hat Network Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a single hard-coded authentication key. A remote attacker who is able to connect to the Satellite Server XML-RPC service could use this flaw to obtain limited information about Satellite Server users, such as login names, associated email addresses, internal user IDs, and partial information about entitlements. (CVE-2008-2369) This release also corrects several security vulnerabilities in various components shipped as part of Red Hat Network Satellite Server 5.1. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838, CVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461, CVE-2008-0128) Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to 5.1.1, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 43840
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43840
    title RHEL 4 : Satellite Server (RHSA-2008:0630)
  • NASL family Web Servers
    NASL id TOMCAT_6_0_9.NASL
    description According to its self-reported version number, the instance of Apache Tomcat 6.x listening on the remote host is prior to 6.0.9. It is, therefore, affected by an information disclosure vulnerability. If the remote Apache Tomcat install is configured to use the SingleSignOn Valve, the JSESSIONIDSSO cookie does not have the 'secure' attribute set if authentication takes place over HTTPS. This allows the JSESSIONIDSSO cookie to be sent to the same server when HTTP content is requested. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-08-01
    plugin id 46869
    published 2010-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46869
    title Apache Tomcat 6.x < 6.0.9 Information Disclosure
  • NASL family Web Servers
    NASL id TOMCAT_5_5_21.NASL
    description According to its self-reported version number, the instance of Apache Tomcat 5.x listening on the remote host is prior to 5.5.21. It is, therefore, affected by the following vulnerabilities : - The remote Apache Tomcat install is vulnerable to a cross-site scripting attack. The client supplied Accept-Language headers are not validated which allows an attacker to use a specially crafted URL to inject arbitrary HTML and script code into the user's browser. (CVE-2007-1358) - If the remote Apache Tomcat install is configured to use the SingleSignOn Valve, the JSESSIONIDSSO cookie does not have the 'secure' attribute set if authentication takes place over HTTPS. This allows the JSESSIONIDSSO cookie to be sent to the same server when HTTP content is requested. (CVE-2008-0128) - The remote Apache Tomcat install is affected by an information disclosure vulnerability. The doRead method fails to return the proper error code for certain error conditions, which can cause POST content to be sent to different, and improper, requests. (CVE-2008-4308) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 46868
    published 2010-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46868
    title Apache Tomcat 5.x < 5.5.21 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1468.NASL
    description Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0128 Olaf Kock discovered that HTTPS encryption was insufficiently enforced for single-sign-on cookies, which could result in information disclosure. - CVE-2007-2450 It was discovered that the Manager and Host Manager web applications performed insufficient input sanitising, which could lead to cross site scripting. This update also adapts the tomcat5.5-webapps package to the tightened JULI permissions introduced in the previous tomcat5.5 DSA. However, it should be noted, that the tomcat5.5-webapps is for demonstration and documentation purposes only and should not be used for production systems.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 30060
    published 2008-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30060
    title Debian DSA-1468-1 : tomcat5.5 - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12078.NASL
    description Fixed various issues in tomcat : - mod_jk directory traversal. (CVE-2007-1860) - Handling of cookies containing a ' character. (CVE-2007-3382) - Handling of a double-quote character in cookies. (CVE-2007-3385) - tomcat path traversal / information leak. (CVE-2007-5641) - tomcat HTTP Request Smuggling. (CVE-2005-2090) - tomcat https information disclosure. (CVE-2008-0128)
    last seen 2018-09-01
    modified 2016-12-21
    plugin id 41198
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41198
    title SuSE9 Security Update : Tomcat (YOU Patch Number 12078)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_TOMCAT5-4990.NASL
    description - Cross-site scripting (XSS) vulnerability in example JSP applications. (CVE-2006-7196) - Handling of cookies containing a ' character. (CVE-2007-3382) - Handling of \' in cookies. (CVE-2007-3385) - tomcat path traversal / information leak. (CVE-2007-5641) - directory traversal. (CVE-2007-1860) - tomcat https information disclosure. (CVE-2008-0128) - tomcat HTTP Request Smuggling. (CVE-2005-2090)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 31298
    published 2008-02-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31298
    title SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 4990)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0524.NASL
    description Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 43837
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43837
    title RHEL 3 / 4 : Satellite Server (RHSA-2008:0524)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-MOD_JK-4992.NASL
    description Fixed various issues in tomcat : - CVE-2006-7196: Cross-site scripting (XSS) vulnerability in example JSP applications - CVE-2007-3382: Handling of cookies containing a ' character - CVE-2007-3385: Handling of \' in cookies - CVE-2007-5641: tomcat path traversal / information leak - CVE-2007-1860: directory traversal - CVE-2008-0128: tomcat https information disclosure - CVE-2005-2090: tomcat HTTP Request Smuggling
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 31319
    published 2008-02-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31319
    title openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-4992)
  • NASL family Web Servers
    NASL id TOMCAT_4_1_39.NASL
    description According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.39. It is, therefore, affected by one or more of the following vulnerabilities : - If the remote Apache Tomcat install is configured to use the SingleSignOn Valve, the JSESSIONIDSSO cookie does not have the 'secure' attribute set if authentication takes place over HTTPS. This allows the JSESSIONIDSSO cookie to be sent to the same server when HTTP content is requested. (CVE-2008-0128) - The remote Apache Tomcat install is vulnerable to a cross-site scripting attack. Improper input validation allows a remote attacker to inject arbitrary script code or HTML into the message argument used by the HttpServletResponse.sendError method. (CVE-2008-1232) - If the remote Apache Tomcat install contains pages using the RequestDispatcher object, a directory traversal attack may be possible. This allows an attacker to select one or more of the input parameters and provide specific values leading to access of potentially sensitive files. (CVE-2008-2370) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-08-01
    plugin id 46867
    published 2010-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46867
    title Apache Tomcat 4.x < 4.1.39 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0261.NASL
    description Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal security review, a cross-site scripting flaw was found that affected the Red Hat Network channel search feature. (CVE-2007-5961) This release also corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Two arbitrary code execution flaws were fixed in the OpenMotif package. (CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 43835
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43835
    title RHEL 4 : Satellite Server (RHSA-2008:0261)
redhat via4
advisories
  • rhsa
    id RHSA-2008:0261
  • rhsa
    id RHSA-2008:0630
refmap via4
bid 27365
bugtraq
  • 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
  • 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
confirm
debian DSA-1468
secunia
  • 28549
  • 28552
  • 29242
  • 31493
  • 33668
suse SUSE-SR:2008:005
vupen
  • ADV-2008-0192
  • ADV-2009-0233
xf apache-singlesignon-information-disclosure(39804)
Last major update 07-03-2011 - 22:03
Published 22-01-2008 - 21:00
Last modified 21-03-2019 - 11:40
Back to Top