CVE-2007-5333

 

Published at: - 12-02-2008 02:00

Last modified: - 03-02-2022 08:42

Total changes: - 2

Description

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:N/A:N

 

Verification logic

 

Reference

• http://tomcat.apache.org/security-4.html
• http://tomcat.apache.org/security-5.html
• http://tomcat.apache.org/security-6.html
• 27706-Exploit, Patch, Third Party Advisory, VDB Entry
• JVN#09470767-Third Party Advisory, VDB Entry
• 28878-Broken Link
• 28884-Broken Link
• FEDORA-2008-1467-Third Party Advisory
• FEDORA-2008-1603-Third Party Advisory
• 28915-Broken Link
• GLSA-200804-10-Broken Link
• 29711-Broken Link
• 3636-Broken Link
• http://www.vmware.com/security/advisories/VMSA-2008-0010.html
• 30676-Broken Link
• 30802-Broken Link
• APPLE-SA-2008-06-30-Mailing List, Third Party Advisory
• http://support.apple.com/kb/HT2163
• http://www-01.ibm.com/support/docview.wss?uid=swg24018932
• IZ20991-Third Party Advisory
• 32036-Broken Link
• APPLE-SA-2008-10-09-Mailing List, Third Party Advisory
• 31681-Third Party Advisory, VDB Entry
• http://support.apple.com/kb/HT3216
• 32222-Broken Link
• http://www-01.ibm.com/support/docview.wss?uid=swg27012048
• http://www-01.ibm.com/support/docview.wss?uid=swg27012047
• 33330-Broken Link
• IZ20133-Third Party Advisory
• MDVSA-2009:018-Third Party Advisory
• SUSE-SR:2009:004-Third Party Advisory
• http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html
• ADV-2009-3316-URL Repurposed
• https://bugzilla.redhat.com/show_bug.cgi?id=532111
• 37460-Broken Link
• http://www.vmware.com/security/advisories/VMSA-2009-0016.html
• MDVSA-2010:176-Third Party Advisory
• ADV-2008-0488-URL Repurposed
• ADV-2008-1981-URL Repurposed
• ADV-2008-1856-URL Repurposed
• ADV-2008-2690-URL Repurposed
• ADV-2008-2780-URL Repurposed
• 44183-Broken Link
• HPSBST02955-Mailing List, Third Party Advisory
• 57126-Broken Link
• oval:org.mitre.oval:def:11177-Tool Signature
• 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components-Third Party Advisory, VDB Entry
• 20080208 [SECURITY] CVE-2007-5333: Tomcat Cookie handling vulnerabilities-Third Party Advisory, VDB Entry
• [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/-Mailing List, Vendor Advisory
• [tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/-Mailing List, Vendor Advisory
• [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/-Mailing List, Vendor Advisory
• [tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/-Mailing List, Vendor Advisory
• [tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/-Mailing List, Vendor Advisory
• [tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/-Mailing List, Vendor Advisory
• [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/-Mailing List, Vendor Advisory

 

Keywords

NVD

 

CVE-2007-5333

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures