Apache TomcatTOMCAT:EE775FB0489C8488CCA412D4F1D7F36EFixed in Apache Tomcat 5.5.26
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.126 Low
EPSS
Percentile
95.5%
Low: Session hi-jacking CVE-2007-5333
The previous fix for CVE-2007-3385 was incomplete. It did not consider the use of quotes or %5C within a cookie value.
Affects: 5.5.0-5.5.25
Low: Elevated privileges CVE-2007-5342
The JULI logging component allows web applications to provide their own logging configurations. The default security policy does not restrict this configuration and allows an untrusted web application to add files or overwrite existing files where the Tomcat process has the necessary file permissions to do so.
Affects: 5.5.9-5.5.25
Important: Information disclosure CVE-2007-5461
When Tomcat’s WebDAV servlet is configured for use with a context and has been enabled for write, some WebDAV requests that specify an entity with a SYSTEM tag can result in the contents of arbitary files being returned to the client.
Affects: 5.5.0-5.5.25
Important: Data integrity CVE-2007-6286
When using the native (APR based) connector, connecting to the SSL port using netcat and then disconnecting without sending any data will cause tomcat to handle a duplicate copy of one of the recent requests.
Affects: 5.5.11-5.5.25
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache tomcat | ge | 5.5.0 | |
| apache tomcat | ge | 5.5.11 | |
| apache tomcat | le | 5.5.25 | |
| apache tomcat | ge | 5.5.9 |
Related
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.126 Low
EPSS
Percentile
95.5%