Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2008-0128 PoC — Apache Tomcat 'SingleSignOn' 远程信息泄露漏洞

Source
https://github.com/ngyanch/4062-1
Associated Vulnerability
Title:Apache Tomcat 'SingleSignOn' 远程信息泄露漏洞 (CVE-2008-0128)
Description:Apache Tomcat 5.5.21之前的版本中的SingleSignOn Valve(org.apache.catalina.authenticator.SingleSignOn)未为https session中的JSESSIONidSSO cookie设置安全的标记,这会导致cookie在http请求中被发送出去,并使得远程攻击者更容易获取该cookie。
Description
CVE-2008-0128
Readme
# Black Duck CoPilot Gradle/Travis CI Example

[![Travis CI](https://travis-ci.org/BlackDuckCoPilot/example-gradle-travis.svg?branch=master)](https://travis-ci.org/BlackDuckCoPilot/example-gradle-travis) [![Black Duck Security Risk](https://copilot.blackducksoftware.com/github/repos/BlackDuckCoPilot/example-gradle-travis/branches/master/badge-risk.svg)](https://copilot.blackducksoftware.com/github/repos/BlackDuckCoPilot/example-gradle-travis/branches/master)

Shows a working setup for using the Black Duck CoPilot integration to analyze the risk of project dependencies

## Travis CI Setup

The `.travis.yml` file has been modified to upload generated dependency data to Black Duck CoPilot:

```yaml
after_success:
  - bash <(curl -s https://copilot.blackducksoftware.com/ci/travis/scripts/upload)
```
File Snapshot

 [4.0K]  /data/pocs/5ca53a94d14d2dfbafd1ee83e0a4ed5c5dc57cb1
├── [2.4K]  build.gradle
├── [4.0K]  gradle
│   └── [4.0K]  wrapper
│       ├── [ 50K]  gradle-wrapper.jar
│       └── [ 230]  gradle-wrapper.properties
├── [5.0K]  gradlew
├── [2.3K]  gradlew.bat
├── [ 807]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        └── [4.0K]  java
            └── [4.0K]  com
                └── [4.0K]  blackducksoftware
                    └── [4.0K]  test
                        └── [ 317]  Main.java

8 directories, 7 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.