Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Tomcat CloudBees Jenkins Security Vulnerability
Vulnerability Description
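Apache Tomcat is a lightweight web application server from the Jakarta project of the Apache Software Foundation (USA). It is mainly used for developing and debugging JSP programs and is suited to small and medium-sized systems. CloudBees Jenkins is a Java-based continuous integration tool from the US company CloudBees. A security vulnerability exists in CloudBees Jenkins versions before 1.586 on Apache Tomcat 7.0.41 and later. The vulnerability stems from the program not setting the secure flag on session cookies. A remote attacker can exploit this vulnerability by intercepting transmission within an HTTP session to capture c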
CVSS Information
N/A
Vulnerability Type
N/A