
CVE-2007-3382

CVSSv4: NA | CVSSv3: NA | CVSSv2: 4.3 | VMScore: 530 | EPSS: 0.14448 | KEV: Not Included
Published: 14/08/2007 Updated: 21/11/2024

Vulnerability Summary

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote malicious users to conduct session hijacking attacks.

Vulnerable Product

apache tomcat 3.3

apache tomcat 3.3.1

apache tomcat 3.3.1a

apache tomcat 3.3.2

apache tomcat 4.1.0

apache tomcat 4.1.1

apache tomcat 4.1.2

apache tomcat 4.1.3

apache tomcat 4.1.9

apache tomcat 4.1.10

apache tomcat 4.1.15

apache tomcat 4.1.24

apache tomcat 4.1.28

apache tomcat 4.1.31

apache tomcat 4.1.36

apache tomcat 5.0.0

apache tomcat 5.0.1

apache tomcat 5.0.2

apache tomcat 5.0.3

apache tomcat 5.0.4

apache tomcat 5.0.5

apache tomcat 5.0.6

apache tomcat 5.0.7

apache tomcat 5.0.8

apache tomcat 5.0.9

apache tomcat 5.0.10

apache tomcat 5.0.11

apache tomcat 5.0.12

apache tomcat 5.0.13

apache tomcat 5.0.14

apache tomcat 5.0.15

apache tomcat 5.0.16

apache tomcat 5.0.17

apache tomcat 5.0.18

apache tomcat 5.0.19

apache tomcat 5.0.21

apache tomcat 5.0.22

apache tomcat 5.0.23

apache tomcat 5.0.24

apache tomcat 5.0.25

apache tomcat 5.0.26

apache tomcat 5.0.27

apache tomcat 5.0.28

apache tomcat 5.0.29

apache tomcat 5.0.30

apache tomcat 5.5.0

apache tomcat 5.5.1

apache tomcat 5.5.2

apache tomcat 5.5.3

apache tomcat 5.5.4

apache tomcat 5.5.5

apache tomcat 5.5.6

apache tomcat 5.5.7

apache tomcat 5.5.8

apache tomcat 5.5.9

apache tomcat 5.5.10

apache tomcat 5.5.11

apache tomcat 5.5.12

apache tomcat 5.5.13

apache tomcat 5.5.14

apache tomcat 5.5.15

apache tomcat 5.5.16

apache tomcat 5.5.17

apache tomcat 5.5.18

apache tomcat 5.5.19

apache tomcat 5.5.20

apache tomcat 5.5.21

apache tomcat 5.5.22

apache tomcat 5.5.23

apache tomcat 5.5.24

apache tomcat 6.0.0

apache tomcat 6.0.1

apache tomcat 6.0.2

apache tomcat 6.0.3

apache tomcat 6.0.4

apache tomcat 6.0.5

apache tomcat 6.0.6

apache tomcat 6.0.7

apache tomcat 6.0.8

apache tomcat 6.0.9

apache tomcat 6.0.10

apache tomcat 6.0.11

apache tomcat 6.0.12

apache tomcat 6.0.13

Exploits

source: www.securityfocus.com/bid/25316/info Apache Tomcat is prone to multiple information-disclosure vulnerabilities because it fails to adequately sanitize user-supplied data. Attackers can exploit these issues to access potentially sensitive data that may aid in further attacks. Versions prior to Apache Tomcat 6.0.14 are vulnerable ...

References

CWE-200

https://nvd.nist.gov

https://www.exploit-db.com/exploits/30496/

https://www.kb.cert.org/vuls/id/993544

https://www.first.org/epss

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://secunia.com/advisories/26466

http://secunia.com/advisories/26898

http://secunia.com/advisories/27037

http://secunia.com/advisories/27267

http://secunia.com/advisories/27727

http://secunia.com/advisories/28317

http://secunia.com/advisories/28361

http://secunia.com/advisories/29242

http://secunia.com/advisories/30802

http://secunia.com/advisories/33668

http://secunia.com/advisories/36486

http://securitytracker.com/id?1018556

http://support.apple.com/kb/HT2163

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

http://tomcat.apache.org/security-6.html

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562

http://www.debian.org/security/2008/dsa-1447

http://www.debian.org/security/2008/dsa-1453

http://www.kb.cert.org/vuls/id/993544

http://www.mandriva.com/security/advisories?name=MDKSA-2007:241

http://www.redhat.com/support/errata/RHSA-2007-0871.html

http://www.redhat.com/support/errata/RHSA-2007-0950.html

http://www.redhat.com/support/errata/RHSA-2008-0195.html

http://www.redhat.com/support/errata/RHSA-2008-0261.html

http://www.securityfocus.com/archive/1/476442/100/0/threaded

http://www.securityfocus.com/archive/1/476466/100/0/threaded

http://www.securityfocus.com/archive/1/500396/100/0/threaded

http://www.securityfocus.com/archive/1/500412/100/0/threaded

http://www.securityfocus.com/bid/25316

http://www.vupen.com/english/advisories/2007/2902

http://www.vupen.com/english/advisories/2007/3386

http://www.vupen.com/english/advisories/2007/3527

http://www.vupen.com/english/advisories/2008/1981/references

http://www.vupen.com/english/advisories/2009/0233

https://exchange.xforce.ibmcloud.com/vulnerabilities/36006

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11269

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html