| Vulnerability Details | |
|---|---|
| Impact | CVSS V2 rating: 5 (Medium) |
| Reported | 20 April 2019 |
| Fixed | 20 May 2019 |
| Affected Builds | Till Build 9000 |
| Fixed in | Build 124024 |
| Overview | Tomcat Vulnerability |
| Recommended Fix | Upgrade to NetFlow Analyzer Version 12.4.024 or above. |
A Tomcat Vulnerability issue was discovered in Zoho ManageEngine Netflow Analyzer 9000. The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
We recommend that you upgrade to NetFlow Analyzer version 12.4.024 and above to fix this issue.
Source and Acknowledgements
Find out more about CVE-2008-0128 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at netflowanalyzer-support@manageengine.com