Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2007:0871
HistorySep 26, 2007 - 12:00 a.m.

(RHSA-2007:0871) Moderate: tomcat security update

2007-09-2600:00:00
access.redhat.com
16

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.015 Low

EPSS

Percentile

85.7%

JSON

Tomcat is a servlet container for Java Servlet and Java Server Pages
technologies.

Tomcat was found treating single quote characters – ’ – as delimiters in
cookies. This could allow remote attackers to obtain sensitive information,
such as session IDs, for session hijacking attacks (CVE-2007-3382).

It was reported Tomcat did not properly handle the following character
sequence in a cookie: " (a backslash followed by a double-quote). It was
possible remote attackers could use this failure to obtain sensitive
information, such as session IDs, for session hijacking attacks
(CVE-2007-3385).

A cross-site scripting (XSS) vulnerability existed in the Host Manager
Servlet. This allowed remote attackers to inject arbitrary HTML and web
script via crafted requests (CVE-2007-3386).

Users of Tomcat should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.

OSVersionArchitecturePackageVersionFilename
RedHat5ia64tomcat5-jsp-2.0-api< 5.5.23-0jpp.3.0.2.el5tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.ia64.rpm
RedHat5x86_64tomcat5-common-lib< 5.5.23-0jpp.3.0.2.el5tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
RedHat5ppctomcat5< 5.5.23-0jpp.3.0.2.el5tomcat5-5.5.23-0jpp.3.0.2.el5.ppc.rpm
RedHat5x86_64tomcat5-jasper-javadoc< 5.5.23-0jpp.3.0.2.el5tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
RedHat5x86_64tomcat5-jasper< 5.5.23-0jpp.3.0.2.el5tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
RedHat5ppctomcat5-admin-webapps< 5.5.23-0jpp.3.0.2.el5tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.ppc.rpm
RedHat5ppctomcat5-webapps< 5.5.23-0jpp.3.0.2.el5tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.ppc.rpm
RedHat5ia64tomcat5-jsp-2.0-api-javadoc< 5.5.23-0jpp.3.0.2.el5tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.ia64.rpm
RedHat5i386tomcat5-webapps< 5.5.23-0jpp.3.0.2.el5tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.i386.rpm
RedHat5x86_64tomcat5-servlet-2.4-api< 5.5.23-0jpp.3.0.2.el5tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
Rows per page:
1-10 of 561

Related

nessus 28
centos 1
oraclelinux 1
openvas 32
redhat 6
seebug 3
veracode 4
securityvulns 5
tomcat 5
debian 2
osv 5
atlassian 2
altlinux 1
fedora 5
exploitpack 1
jvn 2
ubuntucve 4
packetstorm 1
prion 4
cve 4
github 3
cert 1
exploitdb 1
nessus
nessus
Oracle Linux 5 : tomcat (ELSA-2007-0871)
2013-07-12 00:00:00
RHEL 5 : tomcat (RHSA-2007:0871)
2007-09-26 00:00:00
CentOS 5 : tomcat (CESA-2007:0871)
2010-01-06 00:00:00
centos
centos
tomcat5 security update
2007-09-28 08:11:50
oraclelinux
oraclelinux
Moderate: tomcat security update
2007-09-26 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2007-0871)
2015-10-08 00:00:00
Debian Security Advisory DSA 1447-1 (tomcat5.5)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1447-1)
2008-01-17 00:00:00
redhat
redhat
(RHSA-2007:0950) Moderate: JBoss Enterprise Application Platform security update
2007-11-05 00:00:00
(RHSA-2007:0876) Moderate: tomcat security update
2007-10-11 00:00:00
(RHSA-2008:0195) Moderate: tomcat security update
2008-04-28 00:00:00
seebug
seebug
Apache Tomcat多个远程信息泄露漏洞
2007-08-23 00:00:00
Apache Tomcat Host Manager Servlet跨站脚本执行漏洞
2007-08-23 00:00:00
Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
2014-07-01 00:00:00
veracode
veracode
Session Hijacking
2018-11-13 05:10:16
Information Disclosure
2019-03-25 08:40:44
Cross-Site Scripting (XSS)
2018-11-12 09:08:34
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2007-08-14 00:00:00
CVE-2007-3382: Handling of cookies containing a &#39; character
2007-08-14 00:00:00
CVE-2007-3386: XSS in Host Manager
2007-08-14 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.14
2007-08-13 00:00:00
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
2007-09-08 00:00:00
Fixed in Apache Tomcat 4.1.37
2005-10-06 00:00:00
debian
debian
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities
2008-01-07 18:41:20
osv
osv
tomcat5.5 several vulnerabilities
2008-01-03 00:00:00
tomcat5 - several vulnerabilities
2008-01-07 00:00:00
Apache Tomcat treats single quotes as delimiters in cookies
2022-05-01 18:13:14
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
2007-11-17 05:34:43
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03
exploitpack
exploitpack
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
jvn
jvn
JVN#59851336 Apache Tomcat Host Manager cross-site scripting vulnerability
2007-08-15 00:00:00
JVN#09470767 Apache Tomcat fails to properly handle cookie value
2008-02-12 00:00:00
ubuntucve
ubuntucve
CVE-2007-3386
2007-08-14 00:00:00
CVE-2007-3382
2007-08-14 00:00:00
CVE-2007-3385
2007-08-14 00:00:00
packetstorm
packetstorm
CVE-2007-3386.txt
2007-08-14 00:00:00
prion
prion
Design/Logic Flaw
2007-08-14 22:17:00
Cross site scripting
2007-08-14 22:17:00
Session fixation
2007-08-14 22:17:00
cve
cve
CVE-2007-3386
2007-08-14 22:17:00
CVE-2007-3382
2007-08-14 22:17:00
CVE-2007-3385
2007-08-14 22:17:00
github
github
Apache Tomcat Mishandles Character Sequence in Cookies
2022-05-01 18:13:14
Apache Tomcat treats single quotes as delimiters in cookies
2022-05-01 18:13:14
Exposure of Sensitive Information in Apache Tomcat
2022-05-01 18:32:19
cert
cert
Apache Tomcat fails to properly handle cookies containing single quotes
2007-08-14 00:00:00
exploitdb
exploitdb
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.015 Low

EPSS

Percentile

85.7%

JSON
Related for RHSA-2007:0871
nessus28centos1oraclelinux1openvas32redhat6seebug3veracode4securityvulns5tomcat5debian2osv5atlassian2altlinux1fedora5exploitpack1jvn2ubuntucve4packetstorm1prion4cve4github3cert1exploitdb1