Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-CWW4-VJ5R-RX57
HistoryMay 01, 2022 - 6:32 p.m.

Exposure of Sensitive Information in Apache Tomcat

2022-05-0118:32:19
CWE-200
GitHub Advisory Database
github.com
17

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.106 Low

EPSS

Percentile

94.9%

JSON

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.

References

Related

jvn 1
ubuntucve 2
veracode 3
osv 4
prion 2
cve 2
tomcat 5
exploitpack 1
github 1
nessus 41
seebug 2
securityvulns 5
openvas 49
exploitdb 1
redhat 12
centos 2
oraclelinux 2
debian 2
atlassian 2
fedora 5
gentoo 1
altlinux 1
vmware 4
ibm 1
jvn
jvn
JVN#09470767 Apache Tomcat fails to properly handle cookie value
2008-02-12 00:00:00
ubuntucve
ubuntucve
CVE-2007-5333
2008-02-12 00:00:00
CVE-2007-3385
2007-08-14 00:00:00
veracode
veracode
Session Hijacking
2018-11-12 08:37:47
Information Disclosure
2019-03-25 08:40:44
Session Hijacking
2018-11-13 05:10:16
osv
osv
Exposure of Sensitive Information in Apache Tomcat
2022-05-01 18:32:19
Apache Tomcat Mishandles Character Sequence in Cookies
2022-05-01 18:13:14
tomcat5 - several vulnerabilities
2008-01-07 00:00:00
prion
prion
Code injection
2008-02-12 01:00:00
Design/Logic Flaw
2007-08-14 22:17:00
cve
cve
CVE-2007-5333
2008-02-12 01:00:00
CVE-2007-3385
2007-08-14 22:17:00
tomcat
tomcat
Fixed in Apache Tomcat 5.5.26
2008-02-05 00:00:00
Fixed in Apache Tomcat 6.0.16
2008-02-08 00:00:00
Fixed in Apache Tomcat 4.1.37
2005-10-06 00:00:00
exploitpack
exploitpack
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
github
github
Apache Tomcat Mishandles Character Sequence in Cookies
2022-05-01 18:13:14
nessus
nessus
Apache Tomcat < 5.5.26 Multiple Vulnerabilities
2010-07-01 00:00:00
Mandriva Linux Security Advisory : tomcat5 (MDVSA-2009:018)
2009-04-23 00:00:00
Apache Tomcat 6.0.x < 6.0.16 Information Disclosure
2008-02-08 00:00:00
seebug
seebug
Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
2014-07-01 00:00:00
Apache Tomcat倚δΈͺθΏœη¨‹δΏ‘ζ―ζ³„ιœ²ζΌζ΄ž
2007-08-23 00:00:00
securityvulns
securityvulns
CVE-2007-3385: Handling of &#92;&quot; in cookies
2007-08-14 00:00:00
Apache Tomcat multiple security vulnerabilities
2007-08-14 00:00:00
[security bulletin] HPSBMU02894 rev.1 - HP Network Node Manager I &#40;NNMi&#41; for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service &#40;DoS&#41;, Unauthorized Access, Execution of Arbitrary Code
2013-07-29 00:00:00
openvas
openvas
Mandrake Security Advisory MDVSA-2009:018 (tomcat5)
2009-01-20 00:00:00
Mandrake Security Advisory MDVSA-2009:018 (tomcat5)
2009-01-20 00:00:00
Debian Security Advisory DSA 1453-1 (tomcat5)
2008-01-17 00:00:00
exploitdb
exploitdb
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
redhat
redhat
(RHSA-2007:0950) Moderate: JBoss Enterprise Application Platform security update
2007-11-05 00:00:00
(RHSA-2007:0871) Moderate: tomcat security update
2007-09-26 00:00:00
(RHSA-2008:0195) Moderate: tomcat security update
2008-04-28 00:00:00
centos
centos
tomcat5 security update
2007-09-28 08:11:50
tomcat5 security update
2009-07-29 17:30:22
oraclelinux
oraclelinux
Moderate: tomcat security update
2007-09-26 00:00:00
tomcat security update
2009-07-21 00:00:00
debian
debian
[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities
2008-01-07 18:41:20
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
fedora
fedora
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03
[SECURITY] Fedora 8 Update: tomcat5-5.5.26-1jpp.2.fc8
2008-02-13 05:14:35
[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8
2008-09-16 23:28:35
gentoo
gentoo
Tomcat: Multiple vulnerabilities
2008-04-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00
vmware
vmware
Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
2008-06-16 00:00:00
Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
2008-06-16 00:00:00
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components
2009-11-20 00:00:00
ibm
ibm
Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries
2023-01-27 10:54:22

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.106 Low

EPSS

Percentile

94.9%

JSON
Related for GHSA-CWW4-VJ5R-RX57
jvn1ubuntucve2veracode3osv4prion2cve2tomcat5exploitpack1github1nessus41seebug2securityvulns5openvas49exploitdb1redhat12centos2oraclelinux2debian2atlassian2fedora5gentoo1altlinux1vmware4ibm1