Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-qdck-q54n-rkcv
Vulnerability ID VCID-qdck-q54n-rkcv
Aliases CVE-2008-0128
Summary The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.03858 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.03858 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.03858 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.03858 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.03858 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.03858 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.03858 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.03858 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.03858 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.03858 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.03858 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.03858 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.03858 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.03858 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
apache_tomcat Moderate https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0128.json
https://api.first.org/data/v1/epss?cve=CVE-2008-0128
https://svn.apache.org/viewvc?view=rev&rev=684900
429821 https://bugzilla.redhat.com/show_bug.cgi?id=429821
CVE-2008-0128 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128
RHSA-2008:0630 https://access.redhat.com/errata/RHSA-2008:0630
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.88153
EPSS Score 0.03858
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:18.051159+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-6.html 38.0.0