Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through
4.1.36 does not properly handle (1) double quote (") characters or (2) %5C
(encoded backslash) sequences in a cookie value, which might cause
sensitive information such as session IDs to be leaked to remote attackers
and enable session hijacking attacks. NOTE: this issue exists because of an
incomplete fix for CVE-2007-3385.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/tomcat5.5/+bug/220540>
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465645>

References

launchpad.net/bugs/cve/CVE-2007-5333

nvd.nist.gov/vuln/detail/CVE-2007-5333

security-tracker.debian.org/tracker/CVE-2007-5333

www.cve.org/CVERecord?id=CVE-2007-5333

jvn 1

github 2

osv 4

prion 2

cve 2

veracode 3

tomcat 5

exploitpack 1

seebug 2

securityvulns 5

ubuntucve 1

nessus 41

openvas 49

exploitdb 1

redhat 12

centos 2

debian 2

oraclelinux 2

atlassian 2

fedora 5

gentoo 1

altlinux 1

vmware 4

ibm 1

jvn

JVN#09470767 Apache Tomcat fails to properly handle cookie value

2008-02-12 00:00:00

github

Exposure of Sensitive Information in Apache Tomcat

2022-05-01 18:32:19

Apache Tomcat Mishandles Character Sequence in Cookies

2022-05-01 18:13:14

osv

Exposure of Sensitive Information in Apache Tomcat

2022-05-01 18:32:19

Apache Tomcat Mishandles Character Sequence in Cookies

2022-05-01 18:13:14

tomcat5 - several vulnerabilities

2008-01-07 00:00:00

prion

Code injection

2008-02-12 01:00:00

Design/Logic Flaw

2007-08-14 22:17:00

cve

CVE-2007-5333

2008-02-12 01:00:00

CVE-2007-3385

2007-08-14 22:17:00

veracode

Session Hijacking

2018-11-12 08:37:47

Information Disclosure

2019-03-25 08:40:44

Session Hijacking

2018-11-13 05:10:16

tomcat

Fixed in Apache Tomcat 5.5.26

2008-02-05 00:00:00

Fixed in Apache Tomcat 6.0.16

2008-02-08 00:00:00

Fixed in Apache Tomcat 4.1.37

2005-10-06 00:00:00

exploitpack

Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure

2008-02-09 00:00:00

seebug

Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability

2014-07-01 00:00:00

Apache Tomcat多个远程信息泄露漏洞

2007-08-23 00:00:00

securityvulns

CVE-2007-3385: Handling of \" in cookies

2007-08-14 00:00:00

Apache Tomcat multiple security vulnerabilities

2007-08-14 00:00:00

[security bulletin] HPSBMU02894 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Access, Execution of Arbitrary Code

2013-07-29 00:00:00

ubuntucve

CVE-2007-3385

2007-08-14 00:00:00

nessus

Apache Tomcat < 5.5.26 Multiple Vulnerabilities

2010-07-01 00:00:00

Mandriva Linux Security Advisory : tomcat5 (MDVSA-2009:018)

2009-04-23 00:00:00

Apache Tomcat 6.0.x < 6.0.16 Information Disclosure

2008-02-08 00:00:00

openvas

Mandrake Security Advisory MDVSA-2009:018 (tomcat5)

2009-01-20 00:00:00

Mandrake Security Advisory MDVSA-2009:018 (tomcat5)

2009-01-20 00:00:00

Debian Security Advisory DSA 1453-1 (tomcat5)

2008-01-17 00:00:00

exploitdb

Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure

2008-02-09 00:00:00

redhat

(RHSA-2007:0950) Moderate: JBoss Enterprise Application Platform security update

2007-11-05 00:00:00

(RHSA-2007:0871) Moderate: tomcat security update

2007-09-26 00:00:00

(RHSA-2008:0195) Moderate: tomcat security update

2008-04-28 00:00:00

centos

tomcat5 security update

2007-09-28 08:11:50

tomcat5 security update

2009-07-29 17:30:22

debian

[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities

2008-01-07 18:41:20

[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities

2008-01-03 21:54:49

oraclelinux

Moderate: tomcat security update

2007-09-26 00:00:00

tomcat security update

2009-07-21 00:00:00

atlassian

Upgrade standalone Tomcat to 5.5.25

2008-01-15 04:23:59

Upgrade standalone Tomcat to 5.5.25

2008-01-15 04:23:59

fedora

[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7

2008-02-13 04:55:03

[SECURITY] Fedora 8 Update: tomcat5-5.5.26-1jpp.2.fc8

2008-02-13 05:14:35

[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8

2008-09-16 23:28:35

gentoo

Tomcat: Multiple vulnerabilities

2008-04-10 00:00:00

altlinux

Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0

2007-11-30 00:00:00

vmware

Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter

2008-06-16 00:00:00

Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter

2008-06-16 00:00:00

VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.

2009-11-20 00:00:00

ibm

Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries

2023-01-27 10:54:22

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.106 Low

EPSS

Percentile

94.9%

JSON

Related for UB:CVE-2007-5333