cookies coming from back-end Tomcat real servers using LoadMaster’s content rules as described here.

Ghostcat is a vulnerability found in Apache Tomcat versions 6.x, 7.x, 8.x, and 9.x that allows remote code execution in some circumstances.

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp.

In the meantime, LoadMaster customers can take action to close this vulnerability.

AFFECTED SYSTEMS: Apache Tomcat 10.0.0-M1 to 10.0.0-M9; Apache Tomcat 9.0.0.M1 to 9.0.39; Apache Tomcat 8.5.0 to 8.5.59; Apache Tomcat 7.0.0 to 7.0.106.

LoadMaster doesn’t use Tomcat, so the LM itself isn’t vulnerable. Applications running behind LoadMaster that use Tomcat are vulnerable and should be updated with a fixed version of Tomcat.

The CVSS is rated medium and scored at 4.3. Successful exploitation of this vulnerability results in the leaking of application session cookies, exposing the user credentials within. The vulnerability affects Apache Tomcat versions up to and including 8.5.85, 9.0.71, 10.1.5, and 11.0.0-M2.

Details of the vulnerabilities are as follows: the “Vulnerabilities in Apache Tomcat Default Error Page Version Detection” check is prone to false-positive reports by most vulnerability assessment solutions.

The vulnerability results in session cookies lacking the Secure attribute, which could allow the session cookie to be transmitted over an insecure channel.

This page provides a sortable list of security vulnerabilities. You can filter results by CVSS scores, years and months.

Is LoadMaster affected by the following CVE? Apache has issued a fix for a Tomcat vulnerability (CVE-2023-28708) that leaked application session cookies, resulting in exposed user credentials.
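The two practical actions the text describes for CVE-2023-28708 are (a) detecting a back-end response whose session cookie lacks the Secure attribute and (b) having the TLS-terminating load balancer add that attribute on the way out until Tomcat is patched. The following is an added example, not LoadMaster’s or Tomcat’s own code: it models both actions over a list of response headers. The sample headers, the `client_tls` flag (whether the client-facing connection was TLS) and the `SESSION_COOKIE_NAMES` set are assumptions made for the example; `JSESSIONID` is Tomcat’s default session cookie name.

```python
"""Added example (not LoadMaster's or Tomcat's code): detect session cookies
missing the Secure attribute and add it at a TLS-terminating proxy.
All header values below are constructed sample data, not captured traffic."""

# Tomcat's default session cookie name; extend for applications that rename it.
SESSION_COOKIE_NAMES = {"JSESSIONID"}


def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, value, [attribute strings]).
    The first segment is name=value; the rest are attributes such as Path=/."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    return name.strip(), cookie_value, parts[1:]


def has_attribute(attrs, wanted):
    """Cookie attribute names are case-insensitive (RFC 6265)."""
    return any(a.split("=", 1)[0].strip().lower() == wanted.lower() for a in attrs)


def cookies_missing_secure(headers):
    """Detection: names of cookies set by the response that carry no Secure attribute.
    `headers` is a list of (name, value) tuples as a proxy or WSGI layer sees them."""
    missing = []
    for hname, hvalue in headers:
        if hname.lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(hvalue)
        if not has_attribute(attrs, "Secure"):
            missing.append(name)
    return missing


def add_secure_attribute(headers, client_tls, only_session=False):
    """Mitigation: rewrite back-end Set-Cookie headers to carry Secure when the
    client-facing connection is TLS, the way a load-balancer content rule would.
    Idempotent; non-cookie headers and already-Secure cookies are left untouched.
    With only_session=True, only the session cookie is rewritten."""
    if not client_tls:
        # On a plain-HTTP front end a Secure cookie would never be sent back by
        # the browser, so do not rewrite; fix the deployment instead.
        return list(headers)
    out = []
    for hname, hvalue in headers:
        if hname.lower() == "set-cookie":
            name, _, attrs = parse_set_cookie(hvalue)
            wanted = (not only_session) or (name in SESSION_COOKIE_NAMES)
            if wanted and not has_attribute(attrs, "Secure"):
                hvalue = hvalue.rstrip().rstrip(";") + "; Secure"
        out.append((hname, hvalue))
    return out


# Constructed sample: a Tomcat-style response whose session cookie lacks Secure
# (the symptom the advisory describes), alongside a cookie that already has it.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html;charset=UTF-8"),
    ("Set-Cookie", "JSESSIONID=0123456789ABCDEF; Path=/app; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure"),
]

if __name__ == "__main__":
    print("missing Secure:", cookies_missing_secure(SAMPLE_HEADERS))
    for hname, hvalue in add_secure_attribute(SAMPLE_HEADERS, client_tls=True):
        print(f"{hname}: {hvalue}")
```

Run `cookies_missing_secure` against responses captured behind the balancer to confirm whether an application is exposed, and treat the rewrite as a stop-gap only: the permanent fix is the patched Tomcat release the text points to, since a rewrite at the edge does nothing for clients that reach the back-end directly.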
Security vulnerabilities of Apache Tomcat version 7.0.57: list of CVE security vulnerabilities related to this exact version.