cookies coming from back-end Tomcat real servers using LoadMaster’s content rules as described here. In the meantime, LoadMaster customers can take action to close this vulnerability w.r.t. Analysis of commonly reported tomcat security vulnerabilities. LoadMaster doesn’t use Tomcat, so the LM itself isn’t vulnerable.Īpplications running behind LoadMaster that use Tomcat are vulnerable and should be updated with a fixed version of Tomcat. The CVSS is rated medium and scored at 4.3. Successful exploitation of this vulnerability results in the leaking of application session cookies, exposing the user credentials within. Tomcat is constantly being updated to address newly discovered vulnerabilities, some of which include denial-of-service attacks. The vulnerability affects Apache Tomcat versions up to and including 8.5.85, 9.0.71, 10.1.5, and 11.0.0-M2.ĭetails of the vulnerabilities are as follows: The vulnerability results in session cookies lacking the secure attribute, which could allow the session cookie to be transmitted over an insecure channel. Fixed multiple security vulnerabilities regarding Tomcat. Flag documentation issues via our GitHub documentation channel. Is loadmaster affected by the following CVE?Īpache has issued a fix for a Tomcat vulnerability (CVE-2023-28708) that leaked application session cookies, resulting in exposed user credentials. The authors discussed different types of RCE vulnerabilities in web applications and provided demonstrations of how they might be exploited, to include tools commonly used by attackers. Fixed a security vulnerability regarding Tomcat 7 (CVE-2018-11784). Flag vulnerabilities by emailing securityportainer.io so we can deal with them immediately.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |