CVE-2023-28708

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67	Mailing List Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat:11.0.0:milestone1::::::
	cpe:2.3:a:apache:tomcat:11.0.0:milestone2::::::

History

27 Mar 2023, 15:26

Type	Values Removed	Values Added
References	~~(MISC) https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67 -~~	(MISC) https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67 - Mailing List, Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
CPE		cpe:2.3:a:apache:tomcat:11.0.0:milestone2:::::: cpe:2.3:a:apache:tomcat:::::::: cpe:2.3:a:apache:tomcat:11.0.0:milestone1::::::

22 Mar 2023, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-03-22 11:15

Updated : 2024-02-04 23:37

NVD link : CVE-2023-28708

Mitre link : CVE-2023-28708

CVE.ORG link : CVE-2023-28708

JSON object : View

Products Affected

apache

tomcat

CWE

CWE-523

Unprotected Transport of Credentials

{"id": "CVE-2023-28708", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-03-22T11:15:10.623", "references": [{"url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-523"}]}], "descriptions": [{"lang": "en", "value": "\nWhen using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u00a0include the secure attribute. This could result in the user agent\u00a0transmitting the session cookie over an insecure channel.\n\n\n\n\n\n\n\n"}], "lastModified": "2023-11-07T04:10:49.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5B9F578-C5AF-47B9-8DCB-956FE1142895", "versionEndExcluding": "8.5.86", "versionStartIncluding": "8.5.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F53E1703-7327-4B44-8641-9335B78714E3", "versionEndExcluding": "9.0.72", "versionStartExcluding": "9.0.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55049943-7BFB-4022-B790-84466E2E873F", "versionEndExcluding": "10.1.6", "versionStartExcluding": "10.1.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}