What is the severity of CVE-2010-4312?

CVE-2010-4312 is considered a medium severity vulnerability.

How do I fix CVE-2010-4312?

To fix CVE-2010-4312, upgrade to Apache Tomcat version 6.0.35 or later.

What versions of Apache Tomcat are affected by CVE-2010-4312?

CVE-2010-4312 affects multiple versions of Apache Tomcat 6.x up to 6.0.34.

Who can be affected by CVE-2010-4312?

Users of Apache Tomcat who do not enable the HTTPOnly flag for their cookies may be vulnerable.

What is the impact of CVE-2010-4312?

The impact of CVE-2010-4312 is an increased risk of session hijacking through script access to cookies.

Vulnerability/
CVE-2010-4312

medium

6.4

CWE

16 1004

26/11/2010

14/5/2022

7/8/2024

CVE-2010-4312

First published: Fri Nov 26 2010(Updated: )

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
maven/org.apache.tomcat:tomcat	>=6.0.0<6.0.35	6.0.35
debian/tomcat6
Tomcat	=6.0.6
Tomcat	=6.0.11
Tomcat	=6.0.7
Tomcat	=6.0.4
Tomcat	=6.0.15
Tomcat	=6.0.20
Tomcat	=6.0.10
Tomcat	=6.0.29
Tomcat	=6.0.3
Tomcat	=6.0.9
Tomcat	=6.0.24
Tomcat	=6.0.17
Tomcat	=6.0
Tomcat	=6.0.28
Tomcat	=6.0.0
Tomcat	=6.0.14
Tomcat	=6.0.1
Tomcat	=6.0.12
Tomcat	=6.0.18
Tomcat	=6.0.5
Tomcat	=6.0.2
Tomcat	=6.0.13
Tomcat	=6.0.26
Tomcat	=6.0.19
Tomcat	=6.0.27
Tomcat	=6.0.16
Tomcat	=6.0.8

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-4312?
CVE-2010-4312 is considered a medium severity vulnerability.
How do I fix CVE-2010-4312?
To fix CVE-2010-4312, upgrade to Apache Tomcat version 6.0.35 or later.
What versions of Apache Tomcat are affected by CVE-2010-4312?
CVE-2010-4312 affects multiple versions of Apache Tomcat 6.x up to 6.0.34.
Who can be affected by CVE-2010-4312?
Users of Apache Tomcat who do not enable the HTTPOnly flag for their cookies may be vulnerable.
What is the impact of CVE-2010-4312?
The impact of CVE-2010-4312 is an increased risk of session hijacking through script access to cookies.

agent/type
collector/github-advisory-latest
source/GitHub
alias/GHSA-pvjh-7h8q-q56r
alias/CVE-2010-4312
agent/software-canonical-lookup
agent/weakness
collector/launchpad-cve
source/Launchpad
collector/usn-cve
source/Ubuntu
collector/debian-bugs
source/Debian
agent/author
agent/description
agent/first-publish-date
agent/severity
collector/security-tracker-debian
agent/references
agent/softwarecombine
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
collector/nvd-cve
source/NVD
package-manager/maven
package-manager/debian
vendor/apache
canonical/tomcat
version/tomcat/6.0.6
version/tomcat/6.0.11
version/tomcat/6.0.7
version/tomcat/6.0.4
version/tomcat/6.0.15
version/tomcat/6.0.20
version/tomcat/6.0.10
version/tomcat/6.0.29
version/tomcat/6.0.3
version/tomcat/6.0.9
version/tomcat/6.0.24
version/tomcat/6.0.17
version/tomcat/6.0
version/tomcat/6.0.28
version/tomcat/6.0.0
version/tomcat/6.0.14
version/tomcat/6.0.1
version/tomcat/6.0.12
version/tomcat/6.0.18
version/tomcat/6.0.5
version/tomcat/6.0.2
version/tomcat/6.0.13
version/tomcat/6.0.26
version/tomcat/6.0.19
version/tomcat/6.0.27
version/tomcat/6.0.16
version/tomcat/6.0.8