Several remote vulnerabilities have been discovered in the Tomcat
servlet and JSP engine. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2007-3382

It was discovered that single quotes (') in cookies were treated
as a delimiter, which could lead to an information leak.

CVE-2007-3385

It was discovered that the character sequence " in cookies was
handled incorrectly, which could lead to an information leak.

CVE-2007-5461

It was discovered that the WebDAV servlet is vulnerable to absolute
path traversal.

The old stable distribution (sarge) doesn’t contain tomcat5.

For the stable distribution (etch), these problems have been fixed in
version 5.0.30-12etch1.

The unstable distribution (sid) no longer contains tomcat5.

We recommend that you upgrade your tomcat5 packages.

CPENameOperatorVersion
tomcat5eq5.0.30-12

CPE	Name	Operator	Version
	tomcat5	eq	5.0.30-12

References

www.debian.org/security/2008/dsa-1453

openvas 31

nessus 42

debian 2

redhat 11

seebug 3

veracode 4

osv 5

centos 2

oraclelinux 2

atlassian 2

fedora 5

altlinux 1

exploitpack 1

tomcat 5

prion 5

cve 5

github 4

cert 1

securityvulns 4

ubuntucve 5

checkpoint_advisories 1

exploitdb 1

jvn 1

redhatcve 1

gentoo 1

vmware 4

ibm 1

openvas

Debian Security Advisory DSA 1453-1 (tomcat5)

2008-01-17 00:00:00

Debian Security Advisory DSA 1447-1 (tomcat5.5)

2008-01-17 00:00:00

Oracle Linux Local Check: ELSA-2007-0871

2015-10-08 00:00:00

nessus

Debian DSA-1453-1 : tomcat5 - several vulnerabilities

2008-01-08 00:00:00

Debian DSA-1447-1 : tomcat5.5 - several vulnerabilities

2008-01-07 00:00:00

Oracle Linux 5 : tomcat (ELSA-2007-0871)

2013-07-12 00:00:00

debian

[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities

2008-01-07 18:41:20

[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities

2008-01-03 21:54:49

redhat

(RHSA-2008:0195) Moderate: tomcat security update

2008-04-28 00:00:00

(RHSA-2007:0950) Moderate: JBoss Enterprise Application Platform security update

2007-11-05 00:00:00

(RHSA-2007:0871) Moderate: tomcat security update

2007-09-26 00:00:00

seebug

Apache Tomcat多个远程信息泄露漏洞

2007-08-23 00:00:00

Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability

2014-07-01 00:00:00

Apache Tomcat WebDav远程信息泄露漏洞

2007-10-28 00:00:00

veracode

Session Hijacking

2018-11-13 05:10:16

Information Disclosure

2019-03-25 08:40:44

Path Traversal

2018-11-12 08:02:36

osv

tomcat5.5 several vulnerabilities

2008-01-03 00:00:00

Apache Tomcat treats single quotes as delimiters in cookies

2022-05-01 18:13:14

Apache Tomcat Mishandles Character Sequence in Cookies

2022-05-01 18:13:14

centos

tomcat5 security update

2007-09-28 08:11:50

tomcat5 security update

2008-03-19 00:04:06

oraclelinux

Moderate: tomcat security update

2007-09-26 00:00:00

Moderate: tomcat security update

2008-03-11 00:00:00

atlassian

Upgrade standalone Tomcat to 5.5.25

2008-01-15 04:23:59

Upgrade standalone Tomcat to 5.5.25

2008-01-15 04:23:59

fedora

[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8

2007-11-17 05:37:36

[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7

2007-11-17 05:34:43

[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7

2008-02-13 04:55:03

altlinux

Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0

2007-11-30 00:00:00

exploitpack

Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure

2008-02-09 00:00:00

tomcat

Fixed in Apache Tomcat 6.0.14

2007-08-13 00:00:00

Fixed in Apache Tomcat 5.5.25, 5.0.SVN

2007-09-08 00:00:00

Fixed in Apache Tomcat 4.1.37

2005-10-06 00:00:00

prion

Design/Logic Flaw

2007-08-14 22:17:00

Session fixation

2007-08-14 22:17:00

Path traversal

2007-10-15 18:17:00

cve

CVE-2007-5461

2007-10-15 18:17:00

CVE-2007-3382

2007-08-14 22:17:00

CVE-2007-3385

2007-08-14 22:17:00

github

Apache Tomcat Mishandles Character Sequence in Cookies

2022-05-01 18:13:14

Apache Tomcat treats single quotes as delimiters in cookies

2022-05-01 18:13:14

Apache Tomcat Path Traversal Vulnerability

2022-05-01 18:33:34

cert

Apache Tomcat fails to properly handle cookies containing single quotes

2007-08-14 00:00:00

securityvulns

CVE-2007-3382: Handling of cookies containing a ' character

2007-08-14 00:00:00

CVE-2007-3385: Handling of \" in cookies

2007-08-14 00:00:00

Apache Tomcat multiple security vulnerabilities

2007-08-14 00:00:00

ubuntucve

CVE-2007-3385

2007-08-14 00:00:00

CVE-2007-3382

2007-08-14 00:00:00

CVE-2007-5461

2007-10-15 00:00:00

checkpoint_advisories

Apache Tomcat WebDav Remote Information Disclosure (CVE-2007-5461)

2013-11-18 00:00:00

exploitdb

Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure

2008-02-09 00:00:00

jvn

JVN#09470767 Apache Tomcat fails to properly handle cookie value

2008-02-12 00:00:00

redhatcve

CVE-2007-5731

2019-10-04 21:11:49

gentoo

Tomcat: Multiple vulnerabilities

2008-04-10 00:00:00

vmware

Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter

2008-06-16 00:00:00

Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter

2008-06-16 00:00:00

VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.

2009-11-20 00:00:00

ibm

Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries

2023-01-27 10:54:22

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Related for OSV:DSA-1453-1