Oval Definition:oval:org.opensuse.security:def:202328708
Revision Date:2023-06-22
Version:1
Title:CVE-2023-28708
Description:

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
Family:unix
Class:vulnerability
Status:
Reference(s):Mitre CVE-2023-28708
SUSE CVE-2023-28708
SUSE-SU-2023:1669-1
SUSE-SU-2023:1672-1
SUSE-SU-2023:1769-1
Platform(s):SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Module for Web and Scripting 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
Product(s):
Definition Synopsis
  • Release Information
    • SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
    • OR SUSE Linux Enterprise Module for Web and Scripting 15 SP5 is installed
    • OR SUSE Linux Enterprise Server 15 SP5 is installed
    • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND Package Information
    • tomcat is affected
    • OR tomcat-admin-webapps is affected
    • OR tomcat-el-3_0-api is affected
    • OR tomcat-jsp-2_3-api is affected
    • OR tomcat-lib is affected
    • OR tomcat-servlet-4_0-api is affected
    • OR tomcat-webapps is affected