Vulnerability details: VCID-jts3-sumc-aaaq
Vulnerability ID VCID-jts3-sumc-aaaq
Aliases CVE-2008-0128
Summary CVE-2008-0128 tomcat5 SSO cookie login information disclosure
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
generic_textual LOW http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2008-0630.html
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0261
rhas Low https://access.redhat.com/errata/RHSA-2008:0524
rhas Low https://access.redhat.com/errata/RHSA-2008:0630
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0602
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.02898 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.04295 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
epss 0.04472 https://api.first.org/data/v1/epss?cve=CVE-2008-0128
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=429821
apache_tomcat Moderate https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128
generic_textual MODERATE http://secunia.com/advisories/29242
generic_textual MODERATE http://secunia.com/advisories/31493
generic_textual MODERATE http://secunia.com/advisories/33668
cvssv3.1 4.2 https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2008-0128
generic_textual LOW http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
generic_textual LOW http://www.debian.org/security/2008/dsa-1468
generic_textual LOW http://www.redhat.com/support/errata/RHSA-2008-0261.html
generic_textual MODERATE http://www.securityfocus.com/archive/1/500396/100/0/threaded
generic_textual MODERATE http://www.securityfocus.com/archive/1/500412/100/0/threaded
generic_textual MODERATE http://www.vupen.com/english/advisories/2009/0233
Reference id Reference type URL
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://rhn.redhat.com/errata/RHSA-2008-0630.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0128.json
https://api.first.org/data/v1/epss?cve=CVE-2008-0128
http://secunia.com/advisories/28549
http://secunia.com/advisories/28552
http://secunia.com/advisories/29242
http://secunia.com/advisories/31493
http://secunia.com/advisories/33668
http://security-tracker.debian.net/tracker/CVE-2008-0128
https://exchange.xforce.ibmcloud.com/vulnerabilities/39804
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
https://svn.apache.org/viewvc?view=rev&rev=684900
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://www.debian.org/security/2008/dsa-1468
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.securityfocus.com/bid/27365
http://www.vupen.com/english/advisories/2008/0192
http://www.vupen.com/english/advisories/2009/0233
429821 https://bugzilla.redhat.com/show_bug.cgi?id=429821
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
CVE-2008-0128 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128
CVE-2008-0128 https://nvd.nist.gov/vuln/detail/CVE-2008-0128
RHSA-2008:0261 https://access.redhat.com/errata/RHSA-2008:0261
RHSA-2008:0524 https://access.redhat.com/errata/RHSA-2008:0524
RHSA-2008:0630 https://access.redhat.com/errata/RHSA-2008:0630
RHSA-2010:0602 https://access.redhat.com/errata/RHSA-2010:0602
No exploits are available.
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-0128
Exploit Prediction Scoring System (EPSS)
Percentile 0.65176
EPSS Score 0.00247
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.