CVE-2007-5333 Information

Description

Apache Tomcat 6.0.0 through 6.0.14 5.5.0 through 5.5.25 and 4.1.0 through 4.1.36 does not properly handle (1) double quote () characters or (2) 5C (encoded backslash) sequences in a cookie value which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.

Reference

http://jvn.jp/jp/JVN2309470767/index.html http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://secunia.com/advisories/28878 http://secunia.com/advisories/28884 http://secunia.com/advisories/28915 http://secunia.com/advisories/29711 http://secunia.com/advisories/30676 http://secunia.com/advisories/30802 http://secunia.com/advisories/32036 http://secunia.com/advisories/32222 http://secunia.com/advisories/33330 http://secunia.com/advisories/37460 http://secunia.com/advisories/44183 http://secunia.com/advisories/57126 http://security.gentoo.org/glsa/glsa-200804-10.xml http://securityreason.com/securityalert/3636 http://support.apple.com/kb/HT2163 http://support.apple.com/kb/HT3216 http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html http://tomcat.apache.org/security-6.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:018 http://www.mandriva.com/security/advisories?name=MDVSA-2010:176 http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html http://www.securityfocus.com/archive/1/487822/100/0/threaded http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.securityfocus.com/bid/27706 http://www.securityfocus.com/bid/31681 http://www.vmware.com/security/advisories/VMSA-2008-0010.html http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advisories/2008/0488 http://www.vupen.com/english/advisories/2008/1856/references http://www.vupen.com/english/advisories/2008/1981/references http://www.vupen.com/english/advisories/2008/2690 http://www.vupen.com/english/advisories/2008/2780 http://www.vupen.com/english/advisories/2009/3316 http://www-01.ibm.com/support/docview.wss?uid=swg24018932 http://www-01.ibm.com/support/docview.wss?uid=swg27012047 http://www-01.ibm.com/support/docview.wss?uid=swg27012048 http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20133 http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20991 https://bugzilla.redhat.com/show_bug.cgi?id=532111 https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@3Cdev.tomcat.apache.org3E https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11177 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html