CVE-2007-3382 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-3382
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-3382

Description: Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/36006 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html ST 1018556 SAID Secunia Advisory: SA27037 Secunia Advisory: SA26898 Secunia Advisory: SA26466 Secunia Advisory: SA27267 Secunia Advisory: SA27727 Secunia Advisory: SA28317 Secunia Advisory: SA28361 Secunia Advisory: SA29242 Secunia Advisory: SA30802 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0261.html http://www.redhat.com/support/errata/RHSA-2008-0195.html http://www.redhat.com/support/errata/RHSA-2007-0871.html http://www.redhat.com/support/errata/RHSA-2007-0950.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:241 HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1453 http://www.debian.org/security/2008/dsa-1447 CONFIRM http://support.apple.com/kb/HT2163 http://tomcat.apache.org/security-6.html CERT-VN 993544 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/476466/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/476442/100/0/threaded BID 25316 APPLE http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

Return to the previous page.