Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17780
HistoryAug 14, 2007 - 12:00 a.m.

CVE-2007-3385: Handling of \" in cookies

2007-08-1400:00:00
vulners.com
49
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2007-3385: Handling of \" in cookies

Severity:
Low (Session Hi-jacking)

Vendor:
The Apache Software Foundation

Versions Affected:
6.0.0 to 6.0.13
5.5.0 to 5.5.24
5.0.0 to 5.0.30
4.1.0 to 4.1.36
3.3 to 3.3.2

Description:
Tomcat incorrectly handles the character sequence \" in a cookie
value. In some circumstances this can lead to the leaking of
information such as session ID to an attacker.

Mitigation:
Upgrade to 6.0.14

Credit:
This issue was discovered by Tomasz Kuczynski, Poznan Supercomputing
and Networking Center, who worked with the CERT/CC to report the
vulnerability.

Example:
http://localhost:8080/examples/servlets/servlet/CookieExample?cookiename=HAHA&cookievalue=%5C%22FOO%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2F%3B

References:
http://tomcat.apache.org/security.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGwSFlb7IeiTPGAkMRArdPAJ99AXYzSterU7oG+u8UrtQAd2lTZwCbBK2R
hwRixKaYOwWyj5kD+fLT1ls=
=hgTP
-----END PGP SIGNATURE-----

Related

exploitpack 1
veracode 3
github 2
prion 2
seebug 2
ubuntucve 2
osv 4
cve 2
exploitdb 1
jvn 1
redhat 7
securityvulns 2
nessus 28
openvas 32
centos 1
debian 2
oraclelinux 1
atlassian 2
tomcat 5
altlinux 1
fedora 5
exploitpack
exploitpack
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
veracode
veracode
Information Disclosure
2019-03-25 08:40:44
Session Hijacking
2018-11-12 08:37:47
Session Hijacking
2018-11-13 05:10:16
github
github
Apache Tomcat Mishandles Character Sequence in Cookies
2022-05-01 18:13:14
Exposure of Sensitive Information in Apache Tomcat
2022-05-01 18:32:19
prion
prion
Design/Logic Flaw
2007-08-14 22:17:00
Code injection
2008-02-12 01:00:00
seebug
seebug
Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
2014-07-01 00:00:00
Apache Tomcat倚δΈͺθΏœη¨‹δΏ‘ζ―ζ³„ιœ²ζΌζ΄ž
2007-08-23 00:00:00
ubuntucve
ubuntucve
CVE-2007-3385
2007-08-14 00:00:00
CVE-2007-5333
2008-02-12 00:00:00
osv
osv
Apache Tomcat Mishandles Character Sequence in Cookies
2022-05-01 18:13:14
Exposure of Sensitive Information in Apache Tomcat
2022-05-01 18:32:19
tomcat5 - several vulnerabilities
2008-01-07 00:00:00
cve
cve
CVE-2007-3385
2007-08-14 22:17:00
CVE-2007-5333
2008-02-12 01:00:00
exploitdb
exploitdb
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
jvn
jvn
JVN#09470767 Apache Tomcat fails to properly handle cookie value
2008-02-12 00:00:00
redhat
redhat
(RHSA-2007:0950) Moderate: JBoss Enterprise Application Platform security update
2007-11-05 00:00:00
(RHSA-2007:0871) Moderate: tomcat security update
2007-09-26 00:00:00
(RHSA-2008:0195) Moderate: tomcat security update
2008-04-28 00:00:00
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2007-08-14 00:00:00
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities &#40;Updated - v1.1&#41;
2009-01-28 00:00:00
nessus
nessus
RHEL 5 : tomcat (RHSA-2007:0871)
2007-09-26 00:00:00
CentOS 5 : tomcat (CESA-2007:0871)
2010-01-06 00:00:00
Oracle Linux 5 : tomcat (ELSA-2007-0871)
2013-07-12 00:00:00
openvas
openvas
Debian Security Advisory DSA 1453-1 (tomcat5)
2008-01-17 00:00:00
Oracle: Security Advisory (ELSA-2007-0871)
2015-10-08 00:00:00
Debian: Security Advisory (DSA-1453-1)
2008-01-17 00:00:00
centos
centos
tomcat5 security update
2007-09-28 08:11:50
debian
debian
[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities
2008-01-07 18:41:20
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
oraclelinux
oraclelinux
Moderate: tomcat security update
2007-09-26 00:00:00
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
tomcat
tomcat
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
2007-09-08 00:00:00
Fixed in Apache Tomcat 6.0.14
2007-08-13 00:00:00
Fixed in Apache Tomcat 5.5.26
2008-02-05 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
2007-11-17 05:34:43
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03
JSON
Related for SECURITYVULNS:DOC:17780
exploitpack1veracode3github2prion2seebug2ubuntucve2osv4cve2exploitdb1jvn1redhat7securityvulns2nessus28openvas32centos1debian2oraclelinux1atlassian2tomcat5altlinux1fedora5