Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability

Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability

References:

Apache Tomcat Homepage (Apache)
ASF Bugzilla Bug 41217 SingleSignOn Cookie does not honor https access: Login In (Apache)
Debian Tracker CVE-2008-0128 (Debian)
ZLM 7.3 IR3 Tomcat 5.0.30 to fix reported security vulnerabilities (Novell)
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) ("Williams, James K" )
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Computer Associates)
CA20090123-01: Security Notice for Cohesion Tomcat (Computer Associates)
RHSA-2008-0524-4 Red Hat Network Satellite Server security update (Red Hat)
RHSA-2008:0261-4 Moderate: Red Hat Network Satellite Server security update (Red Hat)
RHSA-2008:0630-3 Low: Red Hat Network Satellite Server security update (Red Hat)
Tomcat 5.0.28 in ZLM 7.3 subject to "Multiple Vendor Multiple HTTP Request Smugg (Novell)
Tomcat 5.0.28 in ZLM 7.3 subject to Multiple Vendor Multiple HTTP Request Smuggl (Novell)

Privacy Statement
Copyright 2010, SecurityFocus