Oval Definition:oval:org.opensuse.security:def:20080128
Revision Date:2015-11-16Version:1
Title:CVE-2008-0128
Description:
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2008-0128
Platform(s):Novell Linux Desktop 9 SDK for x86
Novell Linux Desktop 9 SDK for x86_64
Open Enterprise Server
SUSE CORE 9 for AMD64 and Intel EM64T
SUSE CORE 9 for IBM POWER
SUSE CORE 9 for IBM S/390 31bit
SUSE CORE 9 for IBM zSeries 64bit
SUSE CORE 9 for Itanium Processor Family
SUSE CORE 9 for x86
SUSE LINUX 10.1
Product(s):
Definition Synopsis
  • Release Information
  • sles9-nld-sdk is installed
  • AND jakarta-tomcat less than 5.0.19-29.11
  • OR
  • sles9-oes is installed
  • apache-jakarta-tomcat-connectors less than 5.0.19-29.11
  • OR apache2-jakarta-tomcat-connectors less than 5.0.19-29.11
  • OR jakarta-tomcat-doc less than 5.0.19-29.11
  • OR jakarta-tomcat-examples less than 5.0.19-29.11
  • OR jakarta-tomcat less than 5.0.19-29.11
  • OR Package Information
  • suse101 is installed
  • AND
  • mod_jk-ap20 less than 4.1.30-0.2
  • OR tomcat5-admin-webapps less than 5.0.30-27.21
  • OR tomcat5-webapps less than 5.0.30-27.21
  • OR tomcat5 less than 5.0.30-27.21
    • BACK