cve/CVE-2023-28708.md at d265b01db84ea263ae08fa7d2c08cb82387c2083

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 03:02:30 +00:00

0xMarcio 6100550298 Update CVE sources 2024-06-22 09:37

2024-06-22 09:37:59 +00:00

Description

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/DrC0okie/HEIG_SLH_Labo1
https://github.com/Dzmitry-Basiachenka/dist-foreign-aliakh
https://github.com/fernandoreb/dependency-check-springboot
https://github.com/scordero1234/java_sec_demo-main
https://github.com/trganda/dockerv
https://github.com/versio-io/product-lifecycle-security-api

1.2 KiB Raw Blame History

CVE-2023-28708

Description

POC

Reference

Github

1.2 KiB

Raw Blame History