CVE-2008-0128 - The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.

CVE-2008-0128

Summary

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

References

Vulnerable Configurations

cpe:2.3:a:apache:tomcat:-:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:-:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2.2:beta2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2.2:beta2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 25-03-2019 - 11:30)
Impact:
Exploitability:

CWE

CWE-16

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

redhat via4

advisories

rhsa
id RHSA-2008:0261
rhsa
id RHSA-2008:0630

rpms

jabberd-0:2.0s10-3.38.rhn
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
jfreechart-0:0.9.20-3.rhn
openmotif21-0:2.1.30-11.RHEL4.6
openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
perl-Crypt-CBC-0:2.24-1.el4
rhn-apache-0:1.3.27-36.rhn.rhel4
rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
rhn-modperl-0:1.29-16.rhel4
rhn-modssl-0:2.8.12-8.rhn.10.rhel4
tomcat5-0:5.0.30-0jpp_10rh
jabberd-0:2.0s10-3.37.rhn
jabberd-0:2.0s10-3.38.rhn
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3
java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
jfreechart-0:0.9.20-3.rhn
openmotif21-0:2.1.30-11.RHEL4.6
openmotif21-0:2.1.30-9.RHEL3.8
openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
openmotif21-debuginfo-0:2.1.30-9.RHEL3.8
perl-Crypt-CBC-0:2.24-1.el3
perl-Crypt-CBC-0:2.24-1.el4
rhn-apache-0:1.3.27-36.rhn.rhel3
rhn-apache-0:1.3.27-36.rhn.rhel4
rhn-modjk-ap13-0:1.2.23-2rhn.rhel3
rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
rhn-modperl-0:1.29-16.rhel3
rhn-modperl-0:1.29-16.rhel4
rhn-modssl-0:2.8.12-8.rhn.10.rhel3
rhn-modssl-0:2.8.12-8.rhn.10.rhel4
tomcat5-0:5.0.30-0jpp_10rh
jfreechart-0:0.9.20-3.rhn
mod_perl-0:2.0.2-12.el4
mod_perl-debuginfo-0:2.0.2-12.el4
perl-Crypt-CBC-0:2.24-1.el4
rhn-html-0:5.1.1-7
tomcat5-0:5.0.30-0jpp_10rh
ant-0:1.6.5-1jpp_1rh
avalon-logkit-0:1.2-2jpp_4rh
axis-0:1.2.1-1jpp_3rh
classpathx-jaf-0:1.0-2jpp_6rh
classpathx-mail-0:1.1.1-2jpp_8rh
geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh
geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh
geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh
geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh
geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh
geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh
geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh
geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh
geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh
geronimo-specs-0:1.0-0.M4.1jpp_10rh
geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh
jakarta-commons-modeler-0:2.0-3jpp_2rh
log4j-0:1.2.12-1jpp_1rh
mx4j-1:3.0.1-1jpp_4rh
pcsc-lite-0:1.3.3-3.el4
pcsc-lite-debuginfo-0:1.3.3-3.el4
pcsc-lite-doc-0:1.3.3-3.el4
pcsc-lite-libs-0:1.3.3-3.el4
rhpki-ca-0:7.3.0-20.el4
rhpki-java-tools-0:7.3.0-10.el4
rhpki-kra-0:7.3.0-14.el4
rhpki-manage-0:7.3.0-19.el4
rhpki-native-tools-0:7.3.0-6.el4
rhpki-ocsp-0:7.3.0-13.el4
rhpki-tks-0:7.3.0-13.el4
tomcat5-0:5.5.23-0jpp_4rh.16
tomcat5-common-lib-0:5.5.23-0jpp_4rh.16
tomcat5-jasper-0:5.5.23-0jpp_4rh.16
tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16
tomcat5-server-lib-0:5.5.23-0jpp_4rh.16
tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16
xerces-j2-0:2.7.1-1jpp_1rh
xml-commons-0:1.3.02-2jpp_1rh
xml-commons-apis-0:1.3.02-2jpp_1rh

refmap via4

bid	27365
bugtraq	20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
confirm	http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://issues.apache.org/bugzilla/show_bug.cgi?id=41217 http://security-tracker.debian.net/tracker/CVE-2008-0128 http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
debian	DSA-1468
mlist	[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
secunia	28549 28552 29242 31493 33668
suse	SUSE-SR:2008:005
vupen	ADV-2008-0192 ADV-2009-0233
xf	apache-singlesignon-information-disclosure(39804)

Last major update

25-03-2019 - 11:30

Published

23-01-2008 - 02:00

Last modified

25-03-2019 - 11:30