CVE-2023-28708
CVE-2023-28708 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Older, EOL versions may also be affected. EPSS estimates a 1.83% chance of exploitation in the next 30 days.
Description
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Older, EOL versions may also be affected.
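The practical check a defender wants here is whether a Tomcat instance behind a reverse proxy still hands out session cookies without the Secure attribute when the proxy reports the client connection as HTTPS. The following is an added example written for this page, not code from Apache Tomcat or from the advisory: it parses the Set-Cookie headers of a captured HTTP response and reports session cookies that lack Secure even though the request carried `X-Forwarded-Proto: https`. The response captures, the cookie names and the function names are constructed for illustration.

```python
# Added example: flag session cookies that are missing the Secure attribute
# on responses to proxied requests that declared X-Forwarded-Proto: https.

# Constructed sample captures (not real traffic): a response from an affected
# Tomcat, and the same response after the fix where Secure is present.
VULNERABLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: JSESSIONID=ABC123; Path=/app; HttpOnly\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)
FIXED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: JSESSIONID=ABC123; Path=/app; Secure; HttpOnly\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# Tomcat's default session cookie names; extend if the container is configured
# with a custom name.
SESSION_COOKIE_NAMES = {"JSESSIONID", "JSESSIONIDSSO"}


def parse_set_cookies(raw_response: str) -> list:
    """Return one dict per Set-Cookie header with the cookie name, its value
    and the set of lower-cased attribute names (path, secure, httponly, ...)."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    cookies = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cname, _, cvalue = parts[0].partition("=")
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
        cookies.append({"name": cname.strip(), "value": cvalue, "attrs": attrs})
    return cookies


def insecure_session_cookies(raw_response: str, forwarded_proto: str) -> list:
    """Names of session cookies set without the Secure attribute although the
    proxy told Tomcat (via X-Forwarded-Proto) that the client used HTTPS.

    If the forwarded protocol was plain http, a cookie without Secure is the
    expected behaviour and nothing is reported."""
    if forwarded_proto.strip().lower() != "https":
        return []
    return [
        c["name"]
        for c in parse_set_cookies(raw_response)
        if c["name"] in SESSION_COOKIE_NAMES and "secure" not in c["attrs"]
    ]


if __name__ == "__main__":
    print("affected build :", insecure_session_cookies(VULNERABLE_RESPONSE, "https"))
    print("fixed build    :", insecure_session_cookies(FIXED_RESPONSE, "https"))
```

Run the check against a response captured from the proxied HTTPS path of a real deployment; a non-empty result means the Secure attribute is still missing and the instance should be upgraded past the affected versions listed above. Independently of the RemoteIpFilter, the Servlet-standard `<session-config><cookie-config><secure>true</secure></cookie-config></session-config>` setting in web.xml forces the attribute onto the session cookie, which is a sensible belt-and-braces setting for any application that is only ever reached over HTTPS.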
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Apache | Tomcat | >= 8.5.0, < 8.5.86 | — |
| Apache | Tomcat | > 9.0.0, < 9.0.72 | — |
| Apache | Tomcat | > 10.1.0, < 10.1.6 | — |
| Apache | Tomcat | 11.0.0 | Milestone1 |
References
- https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67 (Mailing List, Patch, Vendor Advisory)
Source: NVD / NIST
