
CVE-2023-28708 Report - Details, Severity, & Advisories

Twingate Team

May 3, 2024

CVE-2023-28708 is an information disclosure vulnerability in certain versions of Apache Tomcat, the widely used Java servlet container. NVD rates it medium severity; the Apache Tomcat security team rated it Important. It affects deployments where Tomcat sits behind a reverse proxy that terminates TLS and the RemoteIpFilter is used to honour the proxy's X-Forwarded-Proto header: the filter makes such a request look like HTTPS to the application, but the session cookie Tomcat created did not carry the Secure attribute. Without that attribute the browser also sends the session cookie on any plain-HTTP request to the same host, for example when the user follows an http:// link, so an attacker on the network path can read the session ID and take over the session. The fix is to upgrade to a Tomcat release that sets the attribute correctly.

How do I know if I'm affected?

You are affected if all of the following hold: you run one of the affected releases, 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71, or 8.5.0 to 8.5.85; the RemoteIpFilter (org.apache.catalina.filters.RemoteIpFilter) is configured for the application; and requests reach Tomcat over plain HTTP from a reverse proxy that sets X-Forwarded-Proto: https, which is the normal layout when the proxy terminates TLS. The filter only honours forwarding headers from addresses matching its internalProxies and trustedProxies settings, so the header has to come from the proxy itself, which is exactly the case in that layout. In that setup Tomcat hands out session cookies without the Secure attribute, so the user agent may transmit them over an insecure channel. A quick way to confirm is to look at the Set-Cookie header for JSESSIONID in a response to such a request: a vulnerable build omits Secure.
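As a concrete check for the condition above, here is an added example in Python (not code from the Twingate report or from Apache Tomcat): it sends the advisory's request shape, plain HTTP plus X-Forwarded-Proto: https, to a Tomcat instance and reports whether the JSESSIONID it receives carries the Secure attribute. The target host, the default port 8080, the path and the two sample Set-Cookie values are assumptions and constructed inputs, not captured traffic. Run the probe from an address the RemoteIpFilter trusts and against a URL that actually creates a session; from anywhere else the filter ignores the header, and a page that never calls getSession() sets no cookie to inspect. The same check confirms the fix after upgrading.

```python
"""Check whether a Tomcat instance hands out its session cookie without the
Secure attribute when a request arrives over plain HTTP carrying
X-Forwarded-Proto: https, the request shape CVE-2023-28708 is about.

Added example; not code from the report or from Apache Tomcat.
"""
import http.client
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SESSION_COOKIE = "JSESSIONID"  # Tomcat's default session cookie name


@dataclass
class SetCookie:
    name: str
    value: str
    attrs: Dict[str, object] = field(default_factory=dict)

    @property
    def secure(self) -> bool:
        return "secure" in self.attrs


def parse_set_cookie(header: str) -> SetCookie:
    """Split one Set-Cookie header value into name, value and attributes.

    Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to
    True, valued ones (Path, Max-Age, SameSite) to their string value.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, object] = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return SetCookie(name.strip(), value.strip(), attrs)


def session_cookie_secure(set_cookie_headers: List[str],
                          name: str = SESSION_COOKIE) -> Optional[bool]:
    """True/False for the Secure attribute on the session cookie, None if the
    response did not set a session cookie at all."""
    for header in set_cookie_headers:
        cookie = parse_set_cookie(header)
        if cookie.name.lower() == name.lower():
            return cookie.secure
    return None


def verdict(set_cookie_headers: List[str]) -> str:
    """Map the response's Set-Cookie headers to a short result string."""
    secure = session_cookie_secure(set_cookie_headers)
    if secure is None:
        return "no-session-cookie"  # request created no session; use a path that does
    return "secure" if secure else "missing-secure-attribute"


def probe(host: str, port: int = 8080, path: str = "/") -> str:
    """Send the advisory's request shape and classify the Set-Cookie headers.

    Run this from an address Tomcat's RemoteIpFilter trusts (its internalProxies
    or trustedProxies setting); from anywhere else the filter ignores
    X-Forwarded-Proto and the result says nothing about the bug.
    """
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path, headers={"X-Forwarded-Proto": "https"})
        resp = conn.getresponse()
        resp.read()
        # get_all keeps repeated Set-Cookie headers separate; joining them with
        # commas (what getheader does) would break attribute parsing.
        return verdict(resp.headers.get_all("Set-Cookie") or [])
    finally:
        conn.close()


# Constructed sample responses (not captured from a real server): the first is
# the shape a vulnerable build returns for the request above, the second what
# a fixed build returns.
SAMPLE_VULNERABLE = ["JSESSIONID=0123456789ABCDEF; Path=/app; HttpOnly"]
SAMPLE_FIXED = ["JSESSIONID=0123456789ABCDEF; Path=/app; Secure; HttpOnly"]


if __name__ == "__main__":
    if len(sys.argv) >= 2:
        target = sys.argv[1]
        target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 8080
        target_path = sys.argv[3] if len(sys.argv) > 3 else "/"
        print(f"{target}:{target_port}{target_path} -> "
              f"{probe(target, target_port, target_path)}")
    else:
        for label, headers in (("vulnerable", SAMPLE_VULNERABLE),
                               ("fixed", SAMPLE_FIXED)):
            print(f"{label} sample -> {verdict(headers)}")
```

Usage: `python3 probe.py tomcat-host 8080 /app/` from the proxy host, or with no arguments to see the two constructed samples classified. A result of missing-secure-attribute on a release in the affected ranges is the bug; no-session-cookie means the path you chose never created a session, not that the instance is safe.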

What should I do if I'm affected?

Upgrade to a fixed release: 11.0.0-M3 or later for 11, 10.1.6 or later for 10.1, 9.0.72 or later for 9, and 8.5.86 or later for 8.5. After upgrading, repeat a plain-HTTP request with X-Forwarded-Proto: https through the proxy path and confirm that the JSESSIONID cookie now carries Secure. Independently of the upgrade, an application that is only ever served over TLS can force the attribute itself through the standard Servlet setting in its web.xml, <session-config><cookie-config><secure>true</secure></cookie-config></session-config>, which makes Tomcat mark the session cookie Secure regardless of how the request arrived; that is a sound default for such applications and a stopgap while the upgrade is scheduled. Subscribe to the Apache Tomcat security announcements so that later fixes reach you promptly.

Is CVE-2023-28708 in CISA’s Known Exploited Vulnerabilities Catalog?

No. As of this report's date, CVE-2023-28708 does not appear in CISA's Known Exploited Vulnerabilities Catalog, so the catalog's remediation due dates and required actions do not apply to it. The vulnerability, in Apache Tomcat's RemoteIpFilter, was published on March 22, 2023. Absence from the catalog only means CISA has no evidence of active exploitation; taking advantage of this flaw requires nothing more than observing a plain-HTTP request that carries the unprotected cookie, so affected deployments should still upgrade to an unaffected version.

Weakness enumeration

CVE-2023-28708 is classified as CWE-523, Unprotected Transport of Credentials. The session ID in the JSESSIONID cookie is a bearer credential, and a cookie without the Secure attribute can be sent over unencrypted HTTP, which is the insecure transport the weakness describes.

For more details

CVE-2023-28708 is a medium-severity (per NVD) information disclosure vulnerability affecting specific versions of Apache Tomcat. For the full description, CVSS scoring, technical details and the list of affected software configurations, refer to the NVD entry for CVE-2023-28708 and the Apache Tomcat security pages for the affected branches.
