Lucene search
Ubuntu.comUB:CVE-2007-3382HistoryAug 14, 2007 - 12:00 a.m.
CVE-2007-3382
2007-08-1400:00:00
ubuntu.com
ubuntu.com
13
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.034 Low
EPSS
Percentile
91.4%
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to
4.1.36, and 3.3 to 3.3.2 treats single quotes (“'”) as delimiters in
cookies, which might cause sensitive information such as session IDs to be
leaked and allow remote attackers to conduct session hijacking attacks.
Bugs
Related
prion
prion
Session fixation
2007-08-14 22:17:00
osv
osv
Apache Tomcat treats single quotes as delimiters in cookies
2022-05-01 18:13:14
tomcat5 - several vulnerabilities
2008-01-07 00:00:00
tomcat5.5 several vulnerabilities
2008-01-03 00:00:00
securityvulns
securityvulns
CVE-2007-3382: Handling of cookies containing a ' character
2007-08-14 00:00:00
github
github
Apache Tomcat treats single quotes as delimiters in cookies
2022-05-01 18:13:14
cve
cve
CVE-2007-3382
2007-08-14 22:17:00
cert
cert
Apache Tomcat fails to properly handle cookies containing single quotes
2007-08-14 00:00:00
seebug
seebug
Apache Tomcat多个远程信息泄露漏洞
2007-08-23 00:00:00
veracode
veracode
Session Hijacking
2018-11-13 05:10:16
redhat
redhat
(RHSA-2007:0871) Moderate: tomcat security update
2007-09-26 00:00:00
(RHSA-2008:0195) Moderate: tomcat security update
2008-04-28 00:00:00
nessus
nessus
CentOS 5 : tomcat (CESA-2007:0871)
2010-01-06 00:00:00
RHEL 5 : tomcat (RHSA-2007:0871)
2007-09-26 00:00:00
Debian DSA-1453-1 : tomcat5 - several vulnerabilities
2008-01-08 00:00:00
debian
debian
[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities
2008-01-07 18:41:20
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
openvas
openvas
Debian: Security Advisory (DSA-1453-1)
2008-01-17 00:00:00
Oracle: Security Advisory (ELSA-2007-0871)
2015-10-08 00:00:00
Debian Security Advisory DSA 1453-1 (tomcat5)
2008-01-17 00:00:00
oraclelinux
oraclelinux
Moderate: tomcat security update
2007-09-26 00:00:00
centos
centos
tomcat5 security update
2007-09-28 08:11:50
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
tomcat
tomcat
Fixed in Apache Tomcat 6.0.14
2007-08-13 00:00:00
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
2007-09-08 00:00:00
Fixed in Apache Tomcat 4.1.37
2005-10-06 00:00:00
altlinux
altlinux
fedora
fedora
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
2007-11-17 05:34:43
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
[SECURITY] Fedora 8 Update: tomcat5-5.5.26-1jpp.2.fc8
2008-02-13 05:14:35
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.034 Low
EPSS
Percentile
91.4%
Related for UB:CVE-2007-3382