CVE-2007-3382 Information

Description

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (') as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Reference

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://secunia.com/advisories/26466
http://secunia.com/advisories/26898
http://secunia.com/advisories/27037
http://secunia.com/advisories/27267
http://secunia.com/advisories/27727
http://secunia.com/advisories/28317
http://secunia.com/advisories/28361
http://secunia.com/advisories/29242
http://secunia.com/advisories/30802
http://secunia.com/advisories/33668
http://secunia.com/advisories/36486
http://securitytracker.com/id?1018556
http://support.apple.com/kb/HT2163
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://tomcat.apache.org/security-6.html
http://www.debian.org/security/2008/dsa-1447
http://www.debian.org/security/2008/dsa-1453
http://www.kb.cert.org/vuls/id/993544
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
http://www.redhat.com/support/errata/RHSA-2007-0871.html
http://www.redhat.com/support/errata/RHSA-2007-0950.html
http://www.redhat.com/support/errata/RHSA-2008-0195.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/archive/1/476442/100/0/threaded
http://www.securityfocus.com/archive/1/476466/100/0/threaded
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.securityfocus.com/bid/25316
http://www.vupen.com/english/advisories/2007/2902
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2007/3527
http://www.vupen.com/english/advisories/2008/1981/references
http://www.vupen.com/english/advisories/2009/0233
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562
https://exchange.xforce.ibmcloud.com/vulnerabilities/36006
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11269
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html