Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveRedhatCVE-2007-3385
HistoryAug 14, 2007 - 10:17 p.m.

CVE-2007-3385

2007-08-1422:17:00
CWE-200
redhat
web.nvd.nist.gov
70
apache tomcat
session hijacking
cve-2007-3385
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.041

Percentile

92.3%

JSON

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Affected configurations

Nvd
Node
apachetomcatMatch3.3
OR
apachetomcatMatch3.3.1
OR
apachetomcatMatch3.3.1a
OR
apachetomcatMatch3.3.2
OR
apachetomcatMatch4.1.0
OR
apachetomcatMatch4.1.1
OR
apachetomcatMatch4.1.2
OR
apachetomcatMatch4.1.3
OR
apachetomcatMatch4.1.3beta
OR
apachetomcatMatch4.1.9beta
OR
apachetomcatMatch4.1.10
OR
apachetomcatMatch4.1.15
OR
apachetomcatMatch4.1.24
OR
apachetomcatMatch4.1.28
OR
apachetomcatMatch4.1.31
OR
apachetomcatMatch4.1.36
OR
apachetomcatMatch5.0.0
OR
apachetomcatMatch5.0.1
OR
apachetomcatMatch5.0.2
OR
apachetomcatMatch5.0.3
OR
apachetomcatMatch5.0.4
OR
apachetomcatMatch5.0.5
OR
apachetomcatMatch5.0.6
OR
apachetomcatMatch5.0.7
OR
apachetomcatMatch5.0.8
OR
apachetomcatMatch5.0.9
OR
apachetomcatMatch5.0.10
OR
apachetomcatMatch5.0.11
OR
apachetomcatMatch5.0.12
OR
apachetomcatMatch5.0.13
OR
apachetomcatMatch5.0.14
OR
apachetomcatMatch5.0.15
OR
apachetomcatMatch5.0.16
OR
apachetomcatMatch5.0.17
OR
apachetomcatMatch5.0.18
OR
apachetomcatMatch5.0.19
OR
apachetomcatMatch5.0.21
OR
apachetomcatMatch5.0.22
OR
apachetomcatMatch5.0.23
OR
apachetomcatMatch5.0.24
OR
apachetomcatMatch5.0.25
OR
apachetomcatMatch5.0.26
OR
apachetomcatMatch5.0.27
OR
apachetomcatMatch5.0.28
OR
apachetomcatMatch5.0.29
OR
apachetomcatMatch5.0.30
OR
apachetomcatMatch5.5.0
OR
apachetomcatMatch5.5.1
OR
apachetomcatMatch5.5.2
OR
apachetomcatMatch5.5.3
OR
apachetomcatMatch5.5.4
OR
apachetomcatMatch5.5.5
OR
apachetomcatMatch5.5.6
OR
apachetomcatMatch5.5.7
OR
apachetomcatMatch5.5.8
OR
apachetomcatMatch5.5.9
OR
apachetomcatMatch5.5.10
OR
apachetomcatMatch5.5.11
OR
apachetomcatMatch5.5.12
OR
apachetomcatMatch5.5.13
OR
apachetomcatMatch5.5.14
OR
apachetomcatMatch5.5.15
OR
apachetomcatMatch5.5.16
OR
apachetomcatMatch5.5.17
OR
apachetomcatMatch5.5.18
OR
apachetomcatMatch5.5.19
OR
apachetomcatMatch5.5.20
OR
apachetomcatMatch5.5.21
OR
apachetomcatMatch5.5.22
OR
apachetomcatMatch5.5.23
OR
apachetomcatMatch5.5.24
OR
apachetomcatMatch6.0.0
OR
apachetomcatMatch6.0.1
OR
apachetomcatMatch6.0.2
OR
apachetomcatMatch6.0.3
OR
apachetomcatMatch6.0.4
OR
apachetomcatMatch6.0.5
OR
apachetomcatMatch6.0.6
OR
apachetomcatMatch6.0.7
OR
apachetomcatMatch6.0.8
OR
apachetomcatMatch6.0.9
OR
apachetomcatMatch6.0.10
OR
apachetomcatMatch6.0.11
OR
apachetomcatMatch6.0.12
OR
apachetomcatMatch6.0.13
VendorProductVersionCPE
apachetomcat3.3cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*
apachetomcat3.3.1cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*
apachetomcat3.3.1acpe:2.3:a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*
apachetomcat3.3.2cpe:2.3:a:apache:tomcat:3.3.2:*:*:*:*:*:*:*
apachetomcat4.1.0cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*
apachetomcat4.1.1cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*
apachetomcat4.1.2cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*
apachetomcat4.1.3cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*
apachetomcat4.1.3cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*
apachetomcat4.1.9cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*
Rows per page:
1-10 of 851

References

Related

exploitpack 1
veracode 3
prion 2
cvelist 2
github 2
nvd 2
osv 4
securityvulns 3
ubuntucve 2
seebug 2
jvn 1
exploitdb 1
redhat 7
cve 1
centos 1
openvas 32
nessus 28
oraclelinux 1
debian 2
atlassian 2
tomcat 5
altlinux 1
fedora 5
exploitpack
exploitpack
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
veracode
veracode
Information Disclosure
2019-03-25 08:40:44
Session Hijacking
2018-11-12 08:37:47
Session Hijacking
2018-11-13 05:10:16
prion
prion
Design/Logic Flaw
2007-08-14 22:17:00
Code injection
2008-02-12 01:00:00
cvelist
cvelist
CVE-2007-3385
2007-08-14 22:00:00
CVE-2007-5333
2008-02-12 00:00:00
github
github
Apache Tomcat Mishandles Character Sequence in Cookies
2022-05-01 18:13:14
Exposure of Sensitive Information in Apache Tomcat
2022-05-01 18:32:19
nvd
nvd
CVE-2007-3385
2007-08-14 22:17:00
CVE-2007-5333
2008-02-12 01:00:00
osv
osv
Apache Tomcat Mishandles Character Sequence in Cookies
2022-05-01 18:13:14
Exposure of Sensitive Information in Apache Tomcat
2022-05-01 18:32:19
tomcat5 - several vulnerabilities
2008-01-07 00:00:00
securityvulns
securityvulns
CVE-2007-3385: Handling of \" in cookies
2007-08-14 00:00:00
Apache Tomcat multiple security vulnerabilities
2007-08-14 00:00:00
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
2009-01-28 00:00:00
ubuntucve
ubuntucve
CVE-2007-3385
2007-08-14 00:00:00
CVE-2007-5333
2008-02-12 00:00:00
seebug
seebug
Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
2014-07-01 00:00:00
Apache Tomcat多个远程信息泄露漏洞
2007-08-23 00:00:00
jvn
jvn
JVN#09470767 Apache Tomcat fails to properly handle cookie value
2008-02-12 00:00:00
exploitdb
exploitdb
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
redhat
redhat
(RHSA-2007:0950) Moderate: JBoss Enterprise Application Platform security update
2007-11-05 00:00:00
(RHSA-2007:0871) Moderate: tomcat security update
2007-09-26 00:00:00
(RHSA-2008:0195) Moderate: tomcat security update
2008-04-28 00:00:00
cve
cve
CVE-2007-5333
2008-02-12 01:00:00
centos
centos
tomcat5 security update
2007-09-28 08:11:50
openvas
openvas
Debian Security Advisory DSA 1453-1 (tomcat5)
2008-01-17 00:00:00
Oracle: Security Advisory (ELSA-2007-0871)
2015-10-08 00:00:00
Debian: Security Advisory (DSA-1453-1)
2008-01-17 00:00:00
nessus
nessus
Oracle Linux 5 : tomcat (ELSA-2007-0871)
2013-07-12 00:00:00
RHEL 5 : tomcat (RHSA-2007:0871)
2007-09-26 00:00:00
CentOS 5 : tomcat (CESA-2007:0871)
2010-01-06 00:00:00
oraclelinux
oraclelinux
Moderate: tomcat security update
2007-09-26 00:00:00
debian
debian
[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities
2008-01-07 18:41:20
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
tomcat
tomcat
Fixed in Apache Tomcat 5.5.26
2008-02-05 00:00:00
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
2007-09-08 00:00:00
Fixed in Apache Tomcat 6.0.14
2007-08-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
2007-11-17 05:34:43
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
[SECURITY] Fedora 8 Update: tomcat5-5.5.26-1jpp.2.fc8
2008-02-13 05:14:35

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.041

Percentile

92.3%

JSON
Related for CVE-2007-3385
exploitpack1veracode3prion2cvelist2github2nvd2osv4securityvulns3ubuntucve2seebug2jvn1exploitdb1redhat7cve1centos1openvas32nessus28oraclelinux1debian2atlassian2tomcat5altlinux1fedora5