CVE-2023-28708

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67", "name": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-523"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-28708", "ASSIGNER": "security@apache.org"}}, "impact": {}, "publishedDate": "2023-03-22T11:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-03-22T12:47Z"}