CVE-2023-28708

{"id": "CVE-2023-28708", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-03-22T11:15:10.623", "references": [{"url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20230331-0012/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-523"}]}], "descriptions": [{"lang": "en", "value": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u00a0include the secure attribute. This could result in the user agent\u00a0transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected."}], "lastModified": "2025-11-04T20:16:26.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5B9F578-C5AF-47B9-8DCB-956FE1142895", "versionEndExcluding": "8.5.86", "versionStartIncluding": "8.5.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F53E1703-7327-4B44-8641-9335B78714E3", "versionEndExcluding": "9.0.72", "versionStartExcluding": "9.0.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55049943-7BFB-4022-B790-84466E2E873F", "versionEndExcluding": "10.1.6", "versionStartExcluding": "10.1.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}