CVE-2007-3385 - Secunia Advisories - Vulnerability Intelligence - Secunia.com

Vulnerability Intelligence

Vulnerability Scanning

Community - new!

Blog - new entry!

Corporate Information

Secunia Advisories

Secunia Research

Binary Analysis

Home > Vulnerability Intelligence > Secunia Advisories > CVE-2007-3385

Secunia Advisories

Advisories by Product

Advisories by Vendor

Historic Advisories

Mailing Lists & RSS

Report Vulnerability

Business Solutions Restricted

Restricted

Partner Solutions Restricted

Restricted

CVE Reference: CVE-2007-3385
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-3385

Description: Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/35999 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html ST 1018557 SREASON http://securityreason.com/securityalert/3011 SAID Secunia Advisory: SA28361 Secunia Advisory: SA28317 Secunia Advisory: SA27727 Secunia Advisory: SA27267 Secunia Advisory: SA27037 Secunia Advisory: SA26898 Secunia Advisory: SA26466 Secunia Advisory: SA29242 Secunia Advisory: SA30802 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0261.html http://www.redhat.com/support/errata/RHSA-2007-0871.html http://www.redhat.com/support/errata/RHSA-2007-0950.html http://www.redhat.com/support/errata/RHSA-2008-0195.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:241 HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1447 http://www.debian.org/security/2008/dsa-1453 CONFIRM http://support.apple.com/kb/HT2163 http://tomcat.apache.org/security-6.html CERT-VN 993544 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/476444/100/0/threaded BID 25316 APPLE http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

Return to the previous page.

Contact | Terms & Conditions and Copyright | Report Vulnerability | Press | Jobs | About Secunia
Copyright Secunia 2002-2008