GoogleOSV:DSA-1453-1

HistoryJan 07, 2008 - 12:00 a.m.

tomcat5 - several vulnerabilities

2008-01-0700:00:00

Google

osv.dev

0.066 Low

EPSS

Percentile

93.8%

JSON

Several remote vulnerabilities have been discovered in the Tomcat
servlet and JSP engine. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2007-3382

It was discovered that single quotes (') in cookies were treated
as a delimiter, which could lead to an information leak.

CVE-2007-3385

It was discovered that the character sequence " in cookies was
handled incorrectly, which could lead to an information leak.

CVE-2007-5461

It was discovered that the WebDAV servlet is vulnerable to absolute
path traversal.

The old stable distribution (sarge) doesn’t contain tomcat5.

For the stable distribution (etch), these problems have been fixed in
version 5.0.30-12etch1.

The unstable distribution (sid) no longer contains tomcat5.

We recommend that you upgrade your tomcat5 packages.

CPENameOperatorVersion
tomcat5eq5.0.30-12

CPE	Name	Operator	Version
	tomcat5	eq	5.0.30-12

References

www.debian.org/security/2008/dsa-1453

openvas

Debian Security Advisory DSA 1453-1 (tomcat5)

2008-01-17 00:00:00

Debian: Security Advisory (DSA-1453-1)

2008-01-17 00:00:00

Debian Security Advisory DSA 1447-1 (tomcat5.5)

2008-01-17 00:00:00

nessus

Debian DSA-1453-1 : tomcat5 - several vulnerabilities

2008-01-08 00:00:00

Debian DSA-1447-1 : tomcat5.5 - several vulnerabilities

2008-01-07 00:00:00

Oracle Linux 5 : tomcat (ELSA-2007-0871)

2013-07-12 00:00:00

debian

[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities

2008-01-07 18:41:20

[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities

2008-01-03 21:54:49

redhat

(RHSA-2008:0195) Moderate: tomcat security update

2008-04-28 00:00:00

(RHSA-2007:0950) Moderate: JBoss Enterprise Application Platform security update

2007-11-05 00:00:00

(RHSA-2007:0871) Moderate: tomcat security update

2007-09-26 00:00:00

seebug

Apache Tomcat多个远程信息泄露漏洞

2007-08-23 00:00:00

Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability

2014-07-01 00:00:00

Apache Tomcat WebDav远程信息泄露漏洞

2007-10-28 00:00:00

veracode

Session Hijacking

2018-11-13 05:10:16

Information Disclosure

2019-03-25 08:40:44

Path Traversal

2018-11-12 08:02:36

osv

tomcat5.5 several vulnerabilities

2008-01-03 00:00:00

Apache Tomcat treats single quotes as delimiters in cookies

2022-05-01 18:13:14

Apache Tomcat Mishandles Character Sequence in Cookies

2022-05-01 18:13:14

centos

tomcat5 security update

2007-09-28 08:11:50

tomcat5 security update

2008-03-19 00:04:06

oraclelinux

Moderate: tomcat security update

2007-09-26 00:00:00

Moderate: tomcat security update

2008-03-11 00:00:00

atlassian

Upgrade standalone Tomcat to 5.5.25

2008-01-15 04:23:59

Upgrade standalone Tomcat to 5.5.25

2008-01-15 04:23:59

fedora

[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8

2007-11-17 05:37:36

[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7

2007-11-17 05:34:43

[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7

2008-02-13 04:55:03

altlinux

Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0

2007-11-30 00:00:00

tomcat

Fixed in Apache Tomcat 5.5.25, 5.0.SVN

2007-09-08 00:00:00

Fixed in Apache Tomcat 6.0.14

2007-08-13 00:00:00

Fixed in Apache Tomcat 4.1.37

2005-10-06 00:00:00

prion

Design/Logic Flaw

2007-08-14 22:17:00

Session fixation

2007-08-14 22:17:00

Path traversal

2007-10-15 18:17:00

cvelist

CVE-2007-3385

2007-08-14 22:00:00

CVE-2007-3382

2007-08-14 22:00:00

CVE-2007-5461

2007-10-15 18:00:00

exploitpack

Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure

2008-02-09 00:00:00

github

Apache Tomcat Mishandles Character Sequence in Cookies

2022-05-01 18:13:14

Apache Tomcat treats single quotes as delimiters in cookies

2022-05-01 18:13:14

Apache Tomcat Path Traversal Vulnerability

2022-05-01 18:33:34

nvd

CVE-2007-3385

2007-08-14 22:17:00

CVE-2007-3382

2007-08-14 22:17:00

CVE-2007-5461

2007-10-15 18:17:00

cert

Apache Tomcat fails to properly handle cookies containing single quotes

2007-08-14 00:00:00

cve

CVE-2007-3382

2007-08-14 22:17:00

CVE-2007-5461

2007-10-15 18:17:00

CVE-2007-3385

2007-08-14 22:17:00

securityvulns

CVE-2007-3382: Handling of cookies containing a ' character

2007-08-14 00:00:00

CVE-2007-3385: Handling of \" in cookies

2007-08-14 00:00:00

Apache Tomcat multiple security vulnerabilities

2007-08-14 00:00:00

ubuntucve

CVE-2007-3382

2007-08-14 00:00:00

CVE-2007-3385

2007-08-14 00:00:00

CVE-2007-5461

2007-10-15 00:00:00

checkpoint_advisories

Apache Tomcat WebDav Remote Information Disclosure (CVE-2007-5461)

2013-11-18 00:00:00

exploitdb

Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure

2008-02-09 00:00:00

jvn

JVN#09470767 Apache Tomcat fails to properly handle cookie value

2008-02-12 00:00:00

redhatcve

CVE-2007-5731

2019-10-04 21:11:49

gentoo

Tomcat: Multiple vulnerabilities

2008-04-10 00:00:00

vmware

Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter

2008-06-16 00:00:00

Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter

2008-06-16 00:00:00

VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components

2009-11-20 00:00:00

ibm

Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries

2023-01-27 10:54:22

tomcat5 - several vulnerabilities

References

Related