CVE-2007-3385

NONECVSS 0.0

0.0

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

🔗 References (102)

secalert@redhathttp://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
secalert@redhathttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
secalert@redhathttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554
secalert@redhathttp://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
secalert@redhathttp://secunia.com/advisories/26466
secalert@redhathttp://secunia.com/advisories/26898
secalert@redhathttp://secunia.com/advisories/27037
secalert@redhathttp://secunia.com/advisories/27267
secalert@redhathttp://secunia.com/advisories/27727
secalert@redhathttp://secunia.com/advisories/28317
secalert@redhathttp://secunia.com/advisories/28361
secalert@redhathttp://secunia.com/advisories/29242
secalert@redhathttp://secunia.com/advisories/30802

Is Your Infrastructure Affected by CVE-2007-3385?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-3385

📅 Published

🔄 Last Modified

🔗 References (102)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-3385?