Security Updates - CVE Database

 

CVE-2008-0128

Tomcat Vulnerability

Vulnerability Details
Impact CVSS V2 rating: 5 (Medium)
Reported 20 April 2019
Fixed 20 May 2019
Affected Builds Till Build 9000
Fixed in Build 124024
Overview Tomcat Vulnerability
Recommended Fix Upgrade to NetFlow Analyzer Version 12.4.024 or above.

Description

A Tomcat Vulnerability issue was discovered in Zoho ManageEngine Netflow Analyzer 9000. The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

We recommend that you upgrade to NetFlow Analyzer version 12.4.024 and above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2008-0128 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at netflowanalyzer-support@manageengine.com