Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:7761
HistoryNov 13, 2018 - 5:10 a.m.

Session Hijacking

2018-11-1305:10:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

tomcat-util is vulnerable to session hijacking attacks. The vulnerability exists due to tomcat-util incorrectly treating single quotes as delimiters in cookies, allowing sensitive information such as session ID to be leaked. This issue is also CVE-2007-3385.

References

Related

redhat 7
seebug 2
openvas 32
osv 5
nessus 28
centos 1
debian 2
oraclelinux 1
atlassian 2
tomcat 5
exploitpack 1
veracode 2
prion 3
github 3
securityvulns 4
cert 1
cve 3
ubuntucve 3
exploitdb 1
jvn 1
fedora 5
altlinux 1
redhat
redhat
(RHSA-2007:0950) Moderate: JBoss Enterprise Application Platform security update
2007-11-05 00:00:00
(RHSA-2007:0871) Moderate: tomcat security update
2007-09-26 00:00:00
(RHSA-2008:0195) Moderate: tomcat security update
2008-04-28 00:00:00
seebug
seebug
Apache Tomcat倚δΈͺθΏœη¨‹δΏ‘ζ―ζ³„ιœ²ζΌζ΄ž
2007-08-23 00:00:00
Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
2014-07-01 00:00:00
openvas
openvas
Debian Security Advisory DSA 1453-1 (tomcat5)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1453-1)
2008-01-17 00:00:00
Oracle: Security Advisory (ELSA-2007-0871)
2015-10-08 00:00:00
osv
osv
tomcat5 - several vulnerabilities
2008-01-07 00:00:00
tomcat5.5 several vulnerabilities
2008-01-03 00:00:00
Apache Tomcat treats single quotes as delimiters in cookies
2022-05-01 18:13:14
nessus
nessus
Oracle Linux 5 : tomcat (ELSA-2007-0871)
2013-07-12 00:00:00
CentOS 5 : tomcat (CESA-2007:0871)
2010-01-06 00:00:00
RHEL 5 : tomcat (RHSA-2007:0871)
2007-09-26 00:00:00
centos
centos
tomcat5 security update
2007-09-28 08:11:50
debian
debian
[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities
2008-01-07 18:41:20
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
oraclelinux
oraclelinux
Moderate: tomcat security update
2007-09-26 00:00:00
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
tomcat
tomcat
Fixed in Apache Tomcat 6.0.14
2007-08-13 00:00:00
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
2007-09-08 00:00:00
Fixed in Apache Tomcat 4.1.37
2005-10-06 00:00:00
exploitpack
exploitpack
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
veracode
veracode
Information Disclosure
2019-03-25 08:40:44
Session Hijacking
2018-11-12 08:37:47
prion
prion
Design/Logic Flaw
2007-08-14 22:17:00
Session fixation
2007-08-14 22:17:00
Code injection
2008-02-12 01:00:00
github
github
Apache Tomcat Mishandles Character Sequence in Cookies
2022-05-01 18:13:14
Apache Tomcat treats single quotes as delimiters in cookies
2022-05-01 18:13:14
Exposure of Sensitive Information in Apache Tomcat
2022-05-01 18:32:19
securityvulns
securityvulns
CVE-2007-3382: Handling of cookies containing a &#39; character
2007-08-14 00:00:00
CVE-2007-3385: Handling of &#92;&quot; in cookies
2007-08-14 00:00:00
Apache Tomcat multiple security vulnerabilities
2007-08-14 00:00:00
cert
cert
Apache Tomcat fails to properly handle cookies containing single quotes
2007-08-14 00:00:00
cve
cve
CVE-2007-3382
2007-08-14 22:17:00
CVE-2007-3385
2007-08-14 22:17:00
CVE-2007-5333
2008-02-12 01:00:00
ubuntucve
ubuntucve
CVE-2007-3385
2007-08-14 00:00:00
CVE-2007-3382
2007-08-14 00:00:00
CVE-2007-5333
2008-02-12 00:00:00
exploitdb
exploitdb
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
jvn
jvn
JVN#09470767 Apache Tomcat fails to properly handle cookie value
2008-02-12 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
2007-11-17 05:34:43
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON
Related for VERACODE:7761
redhat7seebug2openvas32osv5nessus28centos1debian2oraclelinux1atlassian2tomcat5exploitpack1veracode2prion3github3securityvulns4cert1cve3ubuntucve3exploitdb1jvn1fedora5altlinux1