Google OSV: GHSA-6J8F-66VH-39MJ
May 01, 2022 - 6:13 p.m.

Apache Tomcat Mishandles Character Sequence in Cookies

2022-05-01 18:13:14
Google
osv.dev

AI Score: 6 (Confidence: High)

EPSS: 0.04 (Percentile: 92.2%)

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
