Apache Tomcat Cookie Handling Session ID Disclosure

2007-08-14T11:51:35
ID OSVDB:37071
Type osvdb
Reporter OSVDB
Modified 2007-08-14T11:51:35

Description

Solution Description

Upgrade to version 4.1.HEAD, 5.5.25, 6.0.14 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://tomcat.apache.org/security-6.html Security Tracker: 1018557 Secunia Advisory ID:27037 Secunia Advisory ID:27267 Secunia Advisory ID:28317 Secunia Advisory ID:28361 Secunia Advisory ID:27727 Secunia Advisory ID:26466 Secunia Advisory ID:26898 Related OSVDB ID: 37070 RedHat RHSA: RHSA-2007:0871 Other Advisory URL: HPSBUX02262 SSRT071447: Other Advisory URL: HPSBTU02276 SSRT071472: Other Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html Other Advisory URL: http://www.us.debian.org/security/2008/dsa-1453 Other Advisory URL: http://www.debian.org/security/2008/dsa-1447 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-08/0191.html ISS X-Force ID: 35999 FrSIRT Advisory: ADV-2007-2902 FrSIRT Advisory: ADV-2007-3386 FrSIRT Advisory: ADV-2007-3527 CVE-2007-3385 CERT VU: 993544 Bugtraq ID: 25316