Lucene search

K
osvGoogleOSV:GHSA-QFF8-G48J-PWPW
HistoryMay 01, 2022 - 6:13 p.m.

Apache Tomcat treats single quotes as delimiters in cookies

2022-05-0118:13:14
Google
osv.dev
13
apache tomcat
single quotes
cookies
session hijacking
vulnerability

AI Score

6.4

Confidence

Low

EPSS

0.089

Percentile

94.6%

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (') as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

References