PRIOn knowledge basePRION:CVE-2007-3382Session fixation
6.1 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.038 Low
EPSS
Percentile
91.6%
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (β'β) as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
References
community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554
lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
secunia.com/advisories/26466
secunia.com/advisories/26898
secunia.com/advisories/27037
secunia.com/advisories/27267
secunia.com/advisories/27727
secunia.com/advisories/28317
secunia.com/advisories/28361
secunia.com/advisories/29242
secunia.com/advisories/30802
secunia.com/advisories/33668
secunia.com/advisories/36486
securitytracker.com/id?1018556
support.apple.com/kb/HT2163
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
tomcat.apache.org/security-6.html
www-01.ibm.com/support/docview.wss?uid=swg1IZ55562
www.debian.org/security/2008/dsa-1447
www.debian.org/security/2008/dsa-1453
www.kb.cert.org/vuls/id/993544
www.mandriva.com/security/advisories?name=MDKSA-2007:241
www.redhat.com/support/errata/RHSA-2007-0871.html
www.redhat.com/support/errata/RHSA-2007-0950.html
www.redhat.com/support/errata/RHSA-2008-0195.html
www.redhat.com/support/errata/RHSA-2008-0261.html
www.securityfocus.com/archive/1/476442/100/0/threaded
www.securityfocus.com/archive/1/476466/100/0/threaded
www.securityfocus.com/archive/1/500396/100/0/threaded
www.securityfocus.com/archive/1/500412/100/0/threaded
www.securityfocus.com/bid/25316
www.vupen.com/english/advisories/2007/2902
www.vupen.com/english/advisories/2007/3386
www.vupen.com/english/advisories/2007/3527
www.vupen.com/english/advisories/2008/1981/references
www.vupen.com/english/advisories/2009/0233
exchange.xforce.ibmcloud.com/vulnerabilities/36006
lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11269
www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
Related
6.1 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.038 Low
EPSS
Percentile
91.6%