5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.126 Low
EPSS
Percentile
95.5%
Apache Tomcat from the Apache Software Foundation is a web container that implements both Java Servlets and JavaServer Pages.
Apache Tomcat from the Apache Software Foundation contains a vulnerability that could allow a remote attacker to coerce a crafted cookie to a userβs web browser.
The developer reports that this issue exists because of an incomplete fix for CVE-2007-3385.
A remote attacker could send a crafted cookie to a userβs web browser, which may result in session hijacking.
Update the Software
For Apache Tomcat 6.0.x or Apache Tomcat 5.5.x:
Update the software to the latest version according to the information released by the developer.
For Apache Tomcat 4.1.x:
As of February 8, 2008, the Apache Tomcat Project has not yet released the latest version resolving the vulnerability. They report that they will release Apache Tomcat 4.1.37 soon.
For more information, refer to the developerβs website.