CVE-2007-3382

NONECVSS 0.0

0.0

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

🔗 References (92)

secalert@redhathttp://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
secalert@redhathttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
secalert@redhathttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554
secalert@redhathttp://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
secalert@redhathttp://secunia.com/advisories/26466
secalert@redhathttp://secunia.com/advisories/26898
secalert@redhathttp://secunia.com/advisories/27037
secalert@redhathttp://secunia.com/advisories/27267
secalert@redhathttp://secunia.com/advisories/27727
secalert@redhathttp://secunia.com/advisories/28317
secalert@redhathttp://secunia.com/advisories/28361
secalert@redhathttp://secunia.com/advisories/29242
secalert@redhathttp://secunia.com/advisories/30802

Is Your Infrastructure Affected by CVE-2007-3382?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-3382

📅 Published

🔄 Last Modified

🔗 References (92)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-3382?