Lucene search

K
nvd[email protected]NVD:CVE-2007-3385
HistoryAug 14, 2007 - 10:17 p.m.

CVE-2007-3385

2007-08-1422:17:00
CWE-200
web.nvd.nist.gov
9

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6

Confidence

Low

EPSS

0.041

Percentile

92.3%

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Affected configurations

Nvd
Node
apachetomcatMatch3.3
OR
apachetomcatMatch3.3.1
OR
apachetomcatMatch3.3.1a
OR
apachetomcatMatch3.3.2
OR
apachetomcatMatch4.1.0
OR
apachetomcatMatch4.1.1
OR
apachetomcatMatch4.1.2
OR
apachetomcatMatch4.1.3
OR
apachetomcatMatch4.1.3beta
OR
apachetomcatMatch4.1.9beta
OR
apachetomcatMatch4.1.10
OR
apachetomcatMatch4.1.15
OR
apachetomcatMatch4.1.24
OR
apachetomcatMatch4.1.28
OR
apachetomcatMatch4.1.31
OR
apachetomcatMatch4.1.36
OR
apachetomcatMatch5.0.0
OR
apachetomcatMatch5.0.1
OR
apachetomcatMatch5.0.2
OR
apachetomcatMatch5.0.3
OR
apachetomcatMatch5.0.4
OR
apachetomcatMatch5.0.5
OR
apachetomcatMatch5.0.6
OR
apachetomcatMatch5.0.7
OR
apachetomcatMatch5.0.8
OR
apachetomcatMatch5.0.9
OR
apachetomcatMatch5.0.10
OR
apachetomcatMatch5.0.11
OR
apachetomcatMatch5.0.12
OR
apachetomcatMatch5.0.13
OR
apachetomcatMatch5.0.14
OR
apachetomcatMatch5.0.15
OR
apachetomcatMatch5.0.16
OR
apachetomcatMatch5.0.17
OR
apachetomcatMatch5.0.18
OR
apachetomcatMatch5.0.19
OR
apachetomcatMatch5.0.21
OR
apachetomcatMatch5.0.22
OR
apachetomcatMatch5.0.23
OR
apachetomcatMatch5.0.24
OR
apachetomcatMatch5.0.25
OR
apachetomcatMatch5.0.26
OR
apachetomcatMatch5.0.27
OR
apachetomcatMatch5.0.28
OR
apachetomcatMatch5.0.29
OR
apachetomcatMatch5.0.30
OR
apachetomcatMatch5.5.0
OR
apachetomcatMatch5.5.1
OR
apachetomcatMatch5.5.2
OR
apachetomcatMatch5.5.3
OR
apachetomcatMatch5.5.4
OR
apachetomcatMatch5.5.5
OR
apachetomcatMatch5.5.6
OR
apachetomcatMatch5.5.7
OR
apachetomcatMatch5.5.8
OR
apachetomcatMatch5.5.9
OR
apachetomcatMatch5.5.10
OR
apachetomcatMatch5.5.11
OR
apachetomcatMatch5.5.12
OR
apachetomcatMatch5.5.13
OR
apachetomcatMatch5.5.14
OR
apachetomcatMatch5.5.15
OR
apachetomcatMatch5.5.16
OR
apachetomcatMatch5.5.17
OR
apachetomcatMatch5.5.18
OR
apachetomcatMatch5.5.19
OR
apachetomcatMatch5.5.20
OR
apachetomcatMatch5.5.21
OR
apachetomcatMatch5.5.22
OR
apachetomcatMatch5.5.23
OR
apachetomcatMatch5.5.24
OR
apachetomcatMatch6.0.0
OR
apachetomcatMatch6.0.1
OR
apachetomcatMatch6.0.2
OR
apachetomcatMatch6.0.3
OR
apachetomcatMatch6.0.4
OR
apachetomcatMatch6.0.5
OR
apachetomcatMatch6.0.6
OR
apachetomcatMatch6.0.7
OR
apachetomcatMatch6.0.8
OR
apachetomcatMatch6.0.9
OR
apachetomcatMatch6.0.10
OR
apachetomcatMatch6.0.11
OR
apachetomcatMatch6.0.12
OR
apachetomcatMatch6.0.13
VendorProductVersionCPE
apachetomcat3.3cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*
apachetomcat3.3.1cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*
apachetomcat3.3.1acpe:2.3:a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*
apachetomcat3.3.2cpe:2.3:a:apache:tomcat:3.3.2:*:*:*:*:*:*:*
apachetomcat4.1.0cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*
apachetomcat4.1.1cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*
apachetomcat4.1.2cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*
apachetomcat4.1.3cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*
apachetomcat4.1.3cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*
apachetomcat4.1.9cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*
Rows per page:
1-10 of 851

References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6

Confidence

Low

EPSS

0.041

Percentile

92.3%