CVE-2008-0128 PoC — Apache Tomcat 'SingleSignOn' Remote Information Disclosure Vulnerability

Associated Vulnerability
Title: Apache Tomcat 'SingleSignOn' Remote Information Disclosure Vulnerability (CVE-2008-0128)
Description: The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Description
CVE-2008-0128
Readme
# Black Duck CoPilot Gradle/Travis CI Example

[![Travis CI](https://travis-ci.org/BlackDuckCoPilot/example-gradle-travis.svg?branch=master)](https://travis-ci.org/BlackDuckCoPilot/example-gradle-travis) [![Black Duck Security Risk](https://copilot.blackducksoftware.com/github/repos/BlackDuckCoPilot/example-gradle-travis/branches/master/badge-risk.svg)](https://copilot.blackducksoftware.com/github/repos/BlackDuckCoPilot/example-gradle-travis/branches/master)

Shows a working setup for using the Black Duck CoPilot integration to analyze the risk of project dependencies.

## Travis CI Setup

The `.travis.yml` file has been modified to upload generated dependency data to Black Duck CoPilot:

```yaml
after_success:
  - bash <(curl -s https://copilot.blackducksoftware.com/ci/travis/scripts/upload)
```
File Snapshot

```
[4.0K] /data/pocs/5ca53a94d14d2dfbafd1ee83e0a4ed5c5dc57cb1
├── [2.4K] build.gradle
├── [4.0K] gradle
│   └── [4.0K] wrapper
│       ├── [ 50K] gradle-wrapper.jar
│       └── [ 230] gradle-wrapper.properties
├── [5.0K] gradlew
├── [2.3K] gradlew.bat
├── [ 807] README.md
└── [4.0K] src
    └── [4.0K] main
        └── [4.0K] java
            └── [4.0K] com
                └── [4.0K] blackducksoftware
                    └── [4.0K] test
                        └── [ 317] Main.java

8 directories, 7 files
```