Lucene search
RootSSV:2153HistoryAug 23, 2007 - 12:00 a.m.
Apache Tomcat多个远程信息泄露漏洞
2007-08-2300:00:00
Root
www.seebug.org
150
0.015 Low
EPSS
Percentile
85.7%
BUGTRAQ ID: 25316
CVE(CAN) ID: CVE-2007-3385,CVE-2007-3382
Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。
Apache Tomcat处理用户请求数据时存在输入验证漏洞,远程攻击者可能利用此漏洞获取会话相关的敏感信息。
Apache Tomcat没有正确的处理Cookie值中的“" ”字符序列,且错误地将Cookie值中的单引号处理为分隔符,在某些情况下,这可能导致泄露敏感信息,如会话ID。
Apache Group Tomcat 6.0.0 - 6.0.13
Apache Group Tomcat 5.5.0 - 5.5.24
Apache Group Tomcat 4.1.0 - 4.1.36
Apache Group Tomcat 3.3 - 3.3.2
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz” target=“_blank”>http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz</a>
http://localhost:8080/examples/servlets/servlet/CookieExample?cookiename=HAHA&cookievalue=%5C%22FOO%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2F%3B
http://localost:8080/servlets-examples/servlet/CookieExample?cookiename=BL
Related
redhat
redhat
(RHSA-2007:0871) Moderate: tomcat security update
2007-09-26 00:00:00
(RHSA-2008:0195) Moderate: tomcat security update
2008-04-28 00:00:00
veracode
veracode
Session Hijacking
2018-11-13 05:10:16
Information Disclosure
2019-03-25 08:40:44
Session Hijacking
2018-11-12 08:37:47
nessus
nessus
CentOS 5 : tomcat (CESA-2007:0871)
2010-01-06 00:00:00
RHEL 5 : tomcat (RHSA-2007:0871)
2007-09-26 00:00:00
Oracle Linux 5 : tomcat (ELSA-2007-0871)
2013-07-12 00:00:00
openvas
openvas
Debian Security Advisory DSA 1453-1 (tomcat5)
2008-01-17 00:00:00
Oracle: Security Advisory (ELSA-2007-0871)
2015-10-08 00:00:00
Debian: Security Advisory (DSA-1453-1)
2008-01-17 00:00:00
osv
osv
tomcat5 - several vulnerabilities
2008-01-07 00:00:00
tomcat5.5 several vulnerabilities
2008-01-03 00:00:00
Apache Tomcat treats single quotes as delimiters in cookies
2022-05-01 18:13:14
centos
centos
tomcat5 security update
2007-09-28 08:11:50
debian
debian
[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities
2008-01-07 18:41:20
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
oraclelinux
oraclelinux
Moderate: tomcat security update
2007-09-26 00:00:00
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
tomcat
tomcat
Fixed in Apache Tomcat 6.0.14
2007-08-13 00:00:00
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
2007-09-08 00:00:00
Fixed in Apache Tomcat 4.1.37
2005-10-06 00:00:00
exploitpack
exploitpack
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
github
github
Apache Tomcat Mishandles Character Sequence in Cookies
2022-05-01 18:13:14
Apache Tomcat treats single quotes as delimiters in cookies
2022-05-01 18:13:14
Exposure of Sensitive Information in Apache Tomcat
2022-05-01 18:32:19
prion
prion
Design/Logic Flaw
2007-08-14 22:17:00
Session fixation
2007-08-14 22:17:00
Code injection
2008-02-12 01:00:00
securityvulns
securityvulns
CVE-2007-3382: Handling of cookies containing a ' character
2007-08-14 00:00:00
CVE-2007-3385: Handling of \" in cookies
2007-08-14 00:00:00
Apache Tomcat multiple security vulnerabilities
2007-08-14 00:00:00
cve
cve
cert
cert
Apache Tomcat fails to properly handle cookies containing single quotes
2007-08-14 00:00:00
seebug
seebug
ubuntucve
ubuntucve
exploitdb
exploitdb
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
jvn
jvn
JVN#09470767 Apache Tomcat fails to properly handle cookie value
2008-02-12 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
2007-11-17 05:34:43
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03
altlinux
altlinux