Main Vulnerability Database Vulnerabilities #VU73957

Sensitive cookie in HTTPS session without Secure attribute in Apache Tomcat - CVE-2023-28708

Published: March 22, 2023

Vulnerability identifier: #VU73957

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-28708

CWE-ID: CWE-614

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Apache Foundation

Affected software:
Apache Tomcat

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to Apache Tomcat does not set the "Secure" attribute for the JSESSIONID session cookie when using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https. A remote attacker can force the application to transmit cookie via an insecure channel and intercept it.

How to mitigate CVE-2023-28708

Install updates from vendor's website.

Sources

https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67

Sensitive cookie in HTTPS session without Secure attribute in Apache Tomcat - CVE-2023-28708

Detailed vulnerability description

How to mitigate CVE-2023-28708

Sources

Please verify you're human