PT-2007-4660 · Apache+2 · Apache Tomcat+2

Published 2007-08-14 · Updated 2022-05-01 · CVE-2007-3385

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 3.3 to 3.3.2
Apache Tomcat versions 4.1.0 to 4.1.36
Apache Tomcat versions 5.0.0 to 5.0.30
Apache Tomcat versions 5.5.0 to 5.5.24
Apache Tomcat versions 6.0.0 to 6.0.13

Description

The issue arises from improper handling of the `` character sequence in a cookie value, potentially leading to the leakage of sensitive information such as session IDs to remote attackers. This could enable session hijacking attacks.

Recommendations

For Apache Tomcat versions 3.3 to 3.3.2, update to a version that properly handles the character sequence in cookie values.
For Apache Tomcat versions 4.1.0 to 4.1.36, update to a version that properly handles the character sequence in cookie values.
For Apache Tomcat versions 5.0.0 to 5.0.30, update to a version that properly handles the character sequence in cookie values.
For Apache Tomcat versions 5.5.0 to 5.5.24, update to a version that properly handles the character sequence in cookie values.
For Apache Tomcat versions 6.0.0 to 6.0.13, update to a version that properly handles the `` character sequence in cookie values.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2007-3385
DSA-1447-1
DSA-1453-1
GHSA-6J8F-66VH-39MJ
HPSBUX02262
RHSA-2007:0871
RHSA-2007:0876
RHSA-2007:0950
RHSA-2007:1069
RHSA-2007_0871
RHSA-2008:0195
RHSA-2008:0261
RHSA-2008:0524
RHSA-2010:0602

Affected products

Apache Tomcat
Hp-Ux
Red Hat