PT-2007-4660 · Apache+2 · Apache Tomcat+2

Published

2007-08-14

·

Updated

2022-05-01

·

CVE-2007-3385

CVSS v2.0

4.3

Medium

VectorAV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 3.3 to 3.3.2 Apache Tomcat versions 4.1.0 to 4.1.36 Apache Tomcat versions 5.0.0 to 5.0.30 Apache Tomcat versions 5.5.0 to 5.5.24 Apache Tomcat versions 6.0.0 to 6.0.13
Description The issue arises from improper handling of the `` character sequence in a cookie value, potentially leading to the leakage of sensitive information such as session IDs to remote attackers. This could enable session hijacking attacks.
Recommendations For Apache Tomcat versions 3.3 to 3.3.2, update to a version that properly handles the character sequence in cookie values. For Apache Tomcat versions 4.1.0 to 4.1.36, update to a version that properly handles the character sequence in cookie values. For Apache Tomcat versions 5.0.0 to 5.0.30, update to a version that properly handles the character sequence in cookie values. For Apache Tomcat versions 5.5.0 to 5.5.24, update to a version that properly handles the character sequence in cookie values. For Apache Tomcat versions 6.0.0 to 6.0.13, update to a version that properly handles the `` character sequence in cookie values.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2007-3385
DSA-1447-1
DSA-1453-1
GHSA-6J8F-66VH-39MJ
HPSBUX02262
RHSA-2007:0871
RHSA-2007:0876
RHSA-2007:0950
RHSA-2007:1069
RHSA-2007_0871
RHSA-2008:0195
RHSA-2008:0261
RHSA-2008:0524
RHSA-2010:0602

Affected Products

Apache Tomcat
Hp-Ux
Red Hat