Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure

2007-08-14T11:51:35
ID OSVDB:37070
Type osvdb
Reporter OSVDB
Modified 2007-08-14T11:51:35

Description

Solution Description

Upgrade to version 4.1.HEAD, 5.5.25, 6.0.14 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://tomcat.apache.org/security-6.html
Secunia Advisory ID: 27037
Secunia Advisory ID: 27267
Secunia Advisory ID: 28317
Secunia Advisory ID: 28361
Secunia Advisory ID: 27727
Secunia Advisory ID: 26466
Secunia Advisory ID: 26898
Related OSVDB ID: 37071
RedHat RHSA: RHSA-2007:0871
Other Advisory URL: HPSBUX02262 SSRT071447:
Other Advisory URL: HPSBTU02276 SSRT071472:
Other Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
Other Advisory URL: http://www.us.debian.org/security/2008/dsa-1453
Other Advisory URL: http://www.debian.org/security/2008/dsa-1447
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-08/0190.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-08/0198.html
ISS X-Force ID: 36006
FrSIRT Advisory: ADV-2007-2902
FrSIRT Advisory: ADV-2007-3386
FrSIRT Advisory: ADV-2007-3527
CVE-2007-3382
CERT VU: 993544
Bugtraq ID: 25316