Lucene search

[email protected]CVE-2007-3382

HistoryAug 14, 2007 - 10:17 p.m.

CVE-2007-3382

2007-08-1422:17:00

CWE-200

[email protected]

web.nvd.nist.gov

apache tomcat

cve-2007-3382

session hijacking

information leakage

cookie vulnerability

nvd

5.9 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.034 Low

EPSS

Percentile

91.4%

JSON

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (“'”) as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

CPENameOperatorVersion
apache:tomcatapache tomcateq4.1.2
apache:tomcatapache tomcateq4.1.36
apache:tomcatapache tomcateq4.1.9
apache:tomcatapache tomcateq5.5.18
apache:tomcatapache tomcateq5.0.8
apache:tomcatapache tomcateq5.0.19
apache:tomcatapache tomcateq6.0.6
apache:tomcatapache tomcateq6.0.11
apache:tomcatapache tomcateq5.5.12
apache:tomcatapache tomcateq5.0.14

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	4.1.2
apache:tomcat	apache tomcat	eq	4.1.36
apache:tomcat	apache tomcat	eq	4.1.9
apache:tomcat	apache tomcat	eq	5.5.18
apache:tomcat	apache tomcat	eq	5.0.8
apache:tomcat	apache tomcat	eq	5.0.19
apache:tomcat	apache tomcat	eq	6.0.6
apache:tomcat	apache tomcat	eq	6.0.11
apache:tomcat	apache tomcat	eq	5.5.12
apache:tomcat	apache tomcat	eq	5.0.14

Rows per page:

1-10 of 841

References

community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554

lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

secunia.com/advisories/26466

secunia.com/advisories/26898

secunia.com/advisories/27037

secunia.com/advisories/27267

secunia.com/advisories/27727

secunia.com/advisories/28317

secunia.com/advisories/28361

secunia.com/advisories/29242

secunia.com/advisories/30802

secunia.com/advisories/33668

secunia.com/advisories/36486

securitytracker.com/id?1018556

support.apple.com/kb/HT2163

support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

tomcat.apache.org/security-6.html

www-01.ibm.com/support/docview.wss?uid=swg1IZ55562

www.debian.org/security/2008/dsa-1447

www.debian.org/security/2008/dsa-1453

www.kb.cert.org/vuls/id/993544

www.mandriva.com/security/advisories?name=MDKSA-2007:241

www.redhat.com/support/errata/RHSA-2007-0871.html

www.redhat.com/support/errata/RHSA-2007-0950.html

www.redhat.com/support/errata/RHSA-2008-0195.html

www.redhat.com/support/errata/RHSA-2008-0261.html

www.securityfocus.com/archive/1/476442/100/0/threaded

www.securityfocus.com/archive/1/476466/100/0/threaded

www.securityfocus.com/archive/1/500396/100/0/threaded

www.securityfocus.com/archive/1/500412/100/0/threaded

www.securityfocus.com/bid/25316

www.vupen.com/english/advisories/2007/2902

www.vupen.com/english/advisories/2007/3386

www.vupen.com/english/advisories/2007/3527

www.vupen.com/english/advisories/2008/1981/references

www.vupen.com/english/advisories/2009/0233

exchange.xforce.ibmcloud.com/vulnerabilities/36006

lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11269

www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

5.9 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.034 Low

EPSS

Percentile

91.4%

JSON

Related for CVE-2007-3382

securityvulns2 cert1 prion1 osv3 ubuntucve1 github1 redhat7 veracode1 seebug1 openvas30 nessus24 centos1 oraclelinux1 debian2 atlassian2 tomcat3 fedora5 altlinux1