UBUNTU-CVE-2023-28708
- Source
- https://ubuntu.com/security/CVE-2023-28708
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-28708.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2023-28708
- Upstream
- Downstream
- Related
- Published
- 2023-03-22T11:15:00Z
- Modified
- 2025-08-14T04:49:16Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Older, EOL versions may also be affected.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / tomcat8
Package
- Name
- tomcat8
- Purl
- pkg:deb/ubuntu/tomcat8@8.0.32-1ubuntu1.13+esm1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
8.*
8.0.26-1
8.0.28-1
8.0.30-1
8.0.32-1
8.0.32-1ubuntu1
8.0.32-1ubuntu1.1
8.0.32-1ubuntu1.2
8.0.32-1ubuntu1.3
8.0.32-1ubuntu1.4
8.0.32-1ubuntu1.5
8.0.32-1ubuntu1.6
8.0.32-1ubuntu1.7
8.0.32-1ubuntu1.8
8.0.32-1ubuntu1.9
8.0.32-1ubuntu1.10
8.0.32-1ubuntu1.11
8.0.32-1ubuntu1.13
8.0.32-1ubuntu1.13+esm1
Ubuntu:Pro:18.04:LTS / tomcat8
Package
- Name
- tomcat8
- Purl
- pkg:deb/ubuntu/tomcat8@8.5.39-1ubuntu1~18.04.3+esm5?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.5.39-1ubuntu1~18.04.3+esm5
Affected versions
8.*
8.5.21-1ubuntu1
8.5.29-1
8.5.30-1
8.5.30-1ubuntu1
8.5.30-1ubuntu1.2
8.5.30-1ubuntu1.3
8.5.30-1ubuntu1.4
8.5.39-1ubuntu1~18.04.1
8.5.39-1ubuntu1~18.04.2
8.5.39-1ubuntu1~18.04.3
8.5.39-1ubuntu1~18.04.3+esm1
8.5.39-1ubuntu1~18.04.3+esm2
8.5.39-1ubuntu1~18.04.3+esm3
8.5.39-1ubuntu1~18.04.3+esm4
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
"binary_name": "libtomcat8-embed-java"
},
{
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
"binary_name": "libtomcat8-java"
},
{
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
"binary_name": "tomcat8"
},
{
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
"binary_name": "tomcat8-admin"
},
{
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
"binary_name": "tomcat8-common"
},
{
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
"binary_name": "tomcat8-docs"
},
{
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
"binary_name": "tomcat8-examples"
},
{
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
"binary_name": "tomcat8-user"
}
]
}
Ubuntu:Pro:18.04:LTS / tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.16-3ubuntu0.18.04.2+esm4?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.0.16-3ubuntu0.18.04.2+esm4
Affected versions
9.*
9.0.16-3~18.04.1
9.0.16-3ubuntu0.18.04.1
9.0.16-3ubuntu0.18.04.2
9.0.16-3ubuntu0.18.04.2+esm1
9.0.16-3ubuntu0.18.04.2+esm2
9.0.16-3ubuntu0.18.04.2+esm3
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm4",
"binary_name": "libtomcat9-embed-java"
},
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm4",
"binary_name": "libtomcat9-java"
},
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm4",
"binary_name": "tomcat9"
},
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm4",
"binary_name": "tomcat9-admin"
},
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm4",
"binary_name": "tomcat9-common"
},
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm4",
"binary_name": "tomcat9-docs"
},
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm4",
"binary_name": "tomcat9-examples"
},
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm4",
"binary_name": "tomcat9-user"
}
]
}
Ubuntu:20.04:LTS / tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.31-1ubuntu0.8?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.0.31-1ubuntu0.8
Affected versions
9.*
9.0.24-1
9.0.27-1
9.0.31-1
9.0.31-1ubuntu0.1
9.0.31-1ubuntu0.2
9.0.31-1ubuntu0.3
9.0.31-1ubuntu0.4
9.0.31-1ubuntu0.5
9.0.31-1ubuntu0.6
9.0.31-1ubuntu0.7
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "9.0.31-1ubuntu0.8",
"binary_name": "libtomcat9-embed-java"
},
{
"binary_version": "9.0.31-1ubuntu0.8",
"binary_name": "libtomcat9-java"
},
{
"binary_version": "9.0.31-1ubuntu0.8",
"binary_name": "tomcat9"
},
{
"binary_version": "9.0.31-1ubuntu0.8",
"binary_name": "tomcat9-admin"
},
{
"binary_version": "9.0.31-1ubuntu0.8",
"binary_name": "tomcat9-common"
},
{
"binary_version": "9.0.31-1ubuntu0.8",
"binary_name": "tomcat9-docs"
},
{
"binary_version": "9.0.31-1ubuntu0.8",
"binary_name": "tomcat9-examples"
},
{
"binary_version": "9.0.31-1ubuntu0.8",
"binary_name": "tomcat9-user"
}
]
}
Ubuntu:22.04:LTS / tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.58-1ubuntu0.2?arch=source&distro=jammy
Ubuntu:Pro:22.04:LTS / tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.58-1ubuntu0.1+esm4?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.0.58-1ubuntu0.1+esm4
Affected versions
9.*
9.0.43-3
9.0.54-1
9.0.55-1
9.0.58-1
9.0.58-1ubuntu0.1
9.0.58-1ubuntu0.1+esm1
9.0.58-1ubuntu0.1+esm2
9.0.58-1ubuntu0.1+esm3
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "9.0.58-1ubuntu0.1+esm4",
"binary_name": "libtomcat9-embed-java"
},
{
"binary_version": "9.0.58-1ubuntu0.1+esm4",
"binary_name": "libtomcat9-java"
},
{
"binary_version": "9.0.58-1ubuntu0.1+esm4",
"binary_name": "tomcat9"
},
{
"binary_version": "9.0.58-1ubuntu0.1+esm4",
"binary_name": "tomcat9-admin"
},
{
"binary_version": "9.0.58-1ubuntu0.1+esm4",
"binary_name": "tomcat9-common"
},
{
"binary_version": "9.0.58-1ubuntu0.1+esm4",
"binary_name": "tomcat9-docs"
},
{
"binary_version": "9.0.58-1ubuntu0.1+esm4",
"binary_name": "tomcat9-examples"
},
{
"binary_version": "9.0.58-1ubuntu0.1+esm4",
"binary_name": "tomcat9-user"
}
]
}
Ubuntu:24.04:LTS / tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.70-2ubuntu0.1?arch=source&distro=noble
Ubuntu:Pro:24.04:LTS / tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.70-2ubuntu0.1+esm2?arch=source&distro=esm-apps/noble