PT-2007-4657 · Apache+2 · Apache Tomcat+2

Published 2007-08-14 · Updated 2022-05-01 · CVE-2007-3382

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 3.3 to 3.3.2
Apache Tomcat versions 4.1.0 to 4.1.36
Apache Tomcat versions 5.0.0 to 5.0.30
Apache Tomcat versions 5.5.0 to 5.5.24
Apache Tomcat versions 6.0.0 to 6.0.13
Description

The issue arises from Apache Tomcat treating single quotes (') as delimiters in cookies. In certain circumstances this causes sensitive information, such as session IDs, to be leaked, allowing remote attackers to conduct session hijacking attacks.
Recommendations

For all affected branches (Apache Tomcat 3.3 to 3.3.2, 4.1.0 to 4.1.36, 5.0.0 to 5.0.30, 5.5.0 to 5.5.24, and 6.0.0 to 6.0.13), update to a version that does not treat single quotes as delimiters in cookies. As a temporary workaround, consider restricting access to sensitive cookies to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related identifiers

CVE-2007-3382
DSA-1447-1
DSA-1453-1
GHSA-QFF8-G48J-PWPW
HPSBUX02262
RHSA-2007:0871
RHSA-2007:0876
RHSA-2007:0950
RHSA-2007:1069
RHSA-2007_0871
RHSA-2008:0195
RHSA-2008:0261
RHSA-2008:0524
RHSA-2010:0602

Affected products

Apache Tomcat
HP-UX
Red Hat