CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
94.7%
CentOS Errata and Security Advisory CESA-2007:0871
Tomcat is a servlet container for Java Servlet and Java Server Pages
technologies.
Tomcat was found treating single quote characters – ’ – as delimiters in
cookies. This could allow remote attackers to obtain sensitive information,
such as session IDs, for session hijacking attacks (CVE-2007-3382).
It was reported Tomcat did not properly handle the following character
sequence in a cookie: " (a backslash followed by a double-quote). It was
possible remote attackers could use this failure to obtain sensitive
information, such as session IDs, for session hijacking attacks
(CVE-2007-3385).
A cross-site scripting (XSS) vulnerability existed in the Host Manager
Servlet. This allowed remote attackers to inject arbitrary HTML and web
script via crafted requests (CVE-2007-3386).
Users of Tomcat should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-September/076419.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076420.html
Affected packages:
tomcat5
tomcat5-admin-webapps
tomcat5-common-lib
tomcat5-jasper
tomcat5-jasper-javadoc
tomcat5-jsp-2.0-api
tomcat5-jsp-2.0-api-javadoc
tomcat5-server-lib
tomcat5-servlet-2.4-api
tomcat5-servlet-2.4-api-javadoc
tomcat5-webapps
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0871