CVE-2023-28708
4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
Older, EOL versions may also be affected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Tomcat | 11.0.0-M1 <= 11.0.0-M2 | affected |
| Apache Software Foundation | Apache Tomcat | 10.1.0-M1 <= 10.1.5 | affected |
| Apache Software Foundation | Apache Tomcat | 9.0.0-M1 <= 9.0.71 | affected |
| Apache Software Foundation | Apache Tomcat | 8.5.0 <= 8.5.85 | affected |
| Apache Software Foundation | Apache Tomcat | 3 < 8.5.0 | unknown |
| Apache Software Foundation | Apache Tomcat | 10.0.0-M1 <= 10.0.27 | unknown |
Weaknesses
- CWE-523: CWE-523 Unprotected Transport of Credentials
ADP Enrichment
CVE Program Container
Additional References
- https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67
- https://security.netapp.com/advisory/ntap-20230331-0012/
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.