Vulnerabilities > CVE-2008-0128 - Configuration vulnerability in Apache Tomcat

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
apache
CWE-16
nessus

Summary

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Vulnerable Configurations

Part Description Count
Application
Apache
104

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1468.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0128 Olaf Kock discovered that HTTPS encryption was insufficiently enforced for single-sign-on cookies, which could result in information disclosure. - CVE-2007-2450 It was discovered that the Manager and Host Manager web applications performed insufficient input sanitising, which could lead to cross site scripting. This update also adapts the tomcat5.5-webapps package to the tightened JULI permissions introduced in the previous tomcat5.5 DSA. However, it should be noted, that the tomcat5.5-webapps is for demonstration and documentation purposes only and should not be used for production systems.
    last seen2020-06-01
    modified2020-06-02
    plugin id30060
    published2008-01-27
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30060
    titleDebian DSA-1468-1 : tomcat5.5 - several vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0261.NASL
    descriptionRed Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal security review, a cross-site scripting flaw was found that affected the Red Hat Network channel search feature. (CVE-2007-5961) This release also corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Two arbitrary code execution flaws were fixed in the OpenMotif package. (CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43835
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43835
    titleRHEL 4 : Satellite Server (RHSA-2008:0261)
  • NASL familyWeb Servers
    NASL idTOMCAT_4_1_39.NASL
    descriptionAccording to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.39. It is, therefore, affected by one or more of the following vulnerabilities : - If the remote Apache Tomcat install is configured to use the SingleSignOn Valve, the JSESSIONIDSSO cookie does not have the
    last seen2020-03-18
    modified2010-06-11
    plugin id46867
    published2010-06-11
    reporterThis script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46867
    titleApache Tomcat 4.x < 4.1.39 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_TOMCAT5-4990.NASL
    description - Cross-site scripting (XSS) vulnerability in example JSP applications. (CVE-2006-7196) - Handling of cookies containing a
    last seen2020-06-01
    modified2020-06-02
    plugin id31298
    published2008-02-27
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31298
    titleSuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 4990)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12078.NASL
    descriptionFixed various issues in tomcat : - mod_jk directory traversal. (CVE-2007-1860) - Handling of cookies containing a
    last seen2020-06-01
    modified2020-06-02
    plugin id41198
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41198
    titleSuSE9 Security Update : Tomcat (YOU Patch Number 12078)
  • NASL familyWeb Servers
    NASL idTOMCAT_5_5_21.NASL
    descriptionAccording to its self-reported version number, the instance of Apache Tomcat 5.x listening on the remote host is prior to 5.5.21. It is, therefore, affected by the following vulnerabilities : - The remote Apache Tomcat install is vulnerable to a cross-site scripting attack. The client supplied Accept-Language headers are not validated which allows an attacker to use a specially crafted URL to inject arbitrary HTML and script code into the user
    last seen2020-03-18
    modified2010-06-11
    plugin id46868
    published2010-06-11
    reporterThis script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46868
    titleApache Tomcat 5.x < 5.5.21 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0524.NASL
    descriptionRed Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43837
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43837
    titleRHEL 3 / 4 : Satellite Server (RHSA-2008:0524)
  • NASL familyWeb Servers
    NASL idTOMCAT_6_0_9.NASL
    descriptionAccording to its self-reported version number, the instance of Apache Tomcat 6.x listening on the remote host is prior to 6.0.9. It is, therefore, affected by an information disclosure vulnerability. If the remote Apache Tomcat install is configured to use the SingleSignOn Valve, the JSESSIONIDSSO cookie does not have the
    last seen2020-03-18
    modified2010-06-11
    plugin id46869
    published2010-06-11
    reporterThis script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46869
    titleApache Tomcat 6.x < 6.0.9 Information Disclosure
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-MOD_JK-4992.NASL
    descriptionFixed various issues in tomcat : - CVE-2006-7196: Cross-site scripting (XSS) vulnerability in example JSP applications - CVE-2007-3382: Handling of cookies containing a
    last seen2020-06-01
    modified2020-06-02
    plugin id31319
    published2008-02-29
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31319
    titleopenSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-4992)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0630.NASL
    descriptionRed Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. During an internal security audit, it was discovered that Red Hat Network Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a single hard-coded authentication key. A remote attacker who is able to connect to the Satellite Server XML-RPC service could use this flaw to obtain limited information about Satellite Server users, such as login names, associated email addresses, internal user IDs, and partial information about entitlements. (CVE-2008-2369) This release also corrects several security vulnerabilities in various components shipped as part of Red Hat Network Satellite Server 5.1. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838, CVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461, CVE-2008-0128) Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to 5.1.1, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43840
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43840
    titleRHEL 4 : Satellite Server (RHSA-2008:0630)

Redhat

advisories
  • rhsa
    idRHSA-2008:0261
  • rhsa
    idRHSA-2008:0630
rpms
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh
  • jabberd-0:2.0s10-3.37.rhn
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-0:2.1.30-9.RHEL3.8
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-9.RHEL3.8
  • perl-Crypt-CBC-0:2.24-1.el3
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel3
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel3
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel3
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel3
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh
  • jfreechart-0:0.9.20-3.rhn
  • mod_perl-0:2.0.2-12.el4
  • mod_perl-debuginfo-0:2.0.2-12.el4
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-html-0:5.1.1-7
  • tomcat5-0:5.0.30-0jpp_10rh
  • ant-0:1.6.5-1jpp_1rh
  • avalon-logkit-0:1.2-2jpp_4rh
  • axis-0:1.2.1-1jpp_3rh
  • classpathx-jaf-0:1.0-2jpp_6rh
  • classpathx-mail-0:1.1.1-2jpp_8rh
  • geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh
  • geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-specs-0:1.0-0.M4.1jpp_10rh
  • geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh
  • jakarta-commons-modeler-0:2.0-3jpp_2rh
  • log4j-0:1.2.12-1jpp_1rh
  • mx4j-1:3.0.1-1jpp_4rh
  • pcsc-lite-0:1.3.3-3.el4
  • pcsc-lite-debuginfo-0:1.3.3-3.el4
  • pcsc-lite-doc-0:1.3.3-3.el4
  • pcsc-lite-libs-0:1.3.3-3.el4
  • rhpki-ca-0:7.3.0-20.el4
  • rhpki-java-tools-0:7.3.0-10.el4
  • rhpki-kra-0:7.3.0-14.el4
  • rhpki-manage-0:7.3.0-19.el4
  • rhpki-native-tools-0:7.3.0-6.el4
  • rhpki-ocsp-0:7.3.0-13.el4
  • rhpki-tks-0:7.3.0-13.el4
  • tomcat5-0:5.5.23-0jpp_4rh.16
  • tomcat5-common-lib-0:5.5.23-0jpp_4rh.16
  • tomcat5-jasper-0:5.5.23-0jpp_4rh.16
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16
  • tomcat5-server-lib-0:5.5.23-0jpp_4rh.16
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16
  • xerces-j2-0:2.7.1-1jpp_1rh
  • xml-commons-0:1.3.02-2jpp_1rh
  • xml-commons-apis-0:1.3.02-2jpp_1rh