CVE-2023-28708

Unprotected Transport of Credentials in maven/org.apache.tomcat/tomcat-catalina

Identifiers

CVE-2023-28708, GHSA-2c9m-w27f-53rm

Package Slug

maven/org.apache.tomcat/tomcat-catalina

Vulnerability

Unprotected Transport of Credentials

Description

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 does not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.

Affected Versions

All versions starting from 8.5.0 before 8.5.86, all versions starting from 9.0.0-m1 before 9.0.72, all versions starting from 10.1.0-m1 before 10.1.6, all versions starting from 11.0.0-m1 before 11.0.0-m3

Solution

Upgrade to versions 10.1.6, 11.0.0-M3, 8.5.86, 9.0.72 or above.

Last Modified

2023-03-23

source