4.3
CVSSv2

CVE-2007-3385

Published: 14/08/2007 Updated: 25/03/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 4.1.1

apache tomcat 4.1.10

apache tomcat 4.1.31

apache tomcat 4.1.36

apache tomcat 4.1.9

apache tomcat 5.0.14

apache tomcat 5.0.15

apache tomcat 5.0.22

apache tomcat 5.0.23

apache tomcat 5.0.30

apache tomcat 5.0.4

apache tomcat 5.5.1

apache tomcat 5.5.10

apache tomcat 5.5.17

apache tomcat 5.5.18

apache tomcat 5.5.3

apache tomcat 5.5.4

apache tomcat 6.0.1

apache tomcat 6.0.10

apache tomcat 6.0.5

apache tomcat 3.3

apache tomcat 4.1.15

apache tomcat 4.1.2

apache tomcat 5.0.0

apache tomcat 5.0.1

apache tomcat 5.0.16

apache tomcat 5.0.17

apache tomcat 5.0.24

apache tomcat 5.0.25

apache tomcat 5.0.5

apache tomcat 5.0.6

apache tomcat 5.5.11

apache tomcat 5.5.12

apache tomcat 5.5.19

apache tomcat 5.5.2

apache tomcat 5.5.5

apache tomcat 5.5.6

apache tomcat 6.0.11

apache tomcat 6.0.12

apache tomcat 6.0.7

apache tomcat 6.0.8

apache tomcat 3.3.2

apache tomcat 4.1.0

apache tomcat 4.1.3

apache tomcat 5.0.12

apache tomcat 5.0.13

apache tomcat 5.0.2

apache tomcat 5.0.21

apache tomcat 5.0.28

apache tomcat 5.0.29

apache tomcat 5.0.3

apache tomcat 5.0.9

apache tomcat 5.5.0

apache tomcat 5.5.15

apache tomcat 5.5.16

apache tomcat 5.5.23

apache tomcat 5.5.24

apache tomcat 5.5.9

apache tomcat 6.0.0

apache tomcat 6.0.3

apache tomcat 3.3.1

apache tomcat 3.3.1a

apache tomcat 4.1.24

apache tomcat 4.1.28

apache tomcat 5.0.10

apache tomcat 5.0.11

apache tomcat 5.0.18

apache tomcat 5.0.19

apache tomcat 5.0.26

apache tomcat 5.0.27

apache tomcat 5.0.7

apache tomcat 5.0.8

apache tomcat 5.5.13

apache tomcat 5.5.14

apache tomcat 5.5.20

apache tomcat 5.5.21

apache tomcat 5.5.22

apache tomcat 5.5.7

apache tomcat 5.5.8

apache tomcat 6.0.13

apache tomcat 6.0.2

apache tomcat 6.0.9

apache tomcat 6.0.4

apache tomcat 6.0.6

References

CWE-200http://www.kb.cert.org/vuls/id/993544http://tomcat.apache.org/security-6.htmlhttps://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0871.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0950.htmlhttp://www.securityfocus.com/bid/25316http://securitytracker.com/id?1018557http://secunia.com/advisories/26466http://secunia.com/advisories/26898http://secunia.com/advisories/27037http://secunia.com/advisories/27267http://secunia.com/advisories/27727http://securityreason.com/securityalert/3011http://www.debian.org/security/2008/dsa-1447http://www.debian.org/security/2008/dsa-1453http://www.mandriva.com/security/advisories?name=MDKSA-2007:241http://secunia.com/advisories/28317http://secunia.com/advisories/28361http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlhttp://secunia.com/advisories/29242http://www.redhat.com/support/errata/RHSA-2008-0195.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0261.htmlhttp://lists.apple.com/archives/security-announce/2008//Jun/msg00002.htmlhttp://support.apple.com/kb/HT2163http://secunia.com/advisories/30802http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspxhttp://secunia.com/advisories/33668http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://secunia.com/advisories/36486http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562http://www.vupen.com/english/advisories/2009/0233http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795http://www.vupen.com/english/advisories/2007/3386http://www.vupen.com/english/advisories/2007/3527http://www.vupen.com/english/advisories/2008/1981/referenceshttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554http://www.vupen.com/english/advisories/2007/2902http://secunia.com/advisories/44183https://exchange.xforce.ibmcloud.com/vulnerabilities/35999https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9549http://www.securityfocus.com/archive/1/500412/100/0/threadedhttp://www.securityfocus.com/archive/1/500396/100/0/threadedhttp://www.securityfocus.com/archive/1/476444/100/0/threadedhttps://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3Ehttps://nvd.nist.govhttps://www.securityfocus.com/bid/25316