CVE-2007-3385

General

Score: 4.3/10.0
Severity: Low
Category: Information Leak / Disclosure
Exploit: Available

Impact Metrics

Confidentiality: Partial
Integrity: None
Availability: None

Exploitability Metrics

Access Vector: Network
Access Complexity: Medium
Authentication: None

Related vulnerabilities

CVE-2004-0687, CVE-2004-0688, CVE-2004-0885, CVE-2004-0914, CVE-2005-0605, CVE-2005-2090, CVE-2005-3164, CVE-2005-3510, CVE-2005-3964, CVE-2005-4838, CVE-2006-0254, CVE-2006-0898, CVE-2006-1329, CVE-2006-3835, CVE-2006-3918, CVE-2006-5752, CVE-2006-7195, CVE-2006-7196, CVE-2006-7197, CVE-2007-0243, CVE-2007-0450, CVE-2007-1349, CVE-2007-1355, CVE-2007-1358, CVE-2007-1858, CVE-2007-1860, CVE-2007-1863, CVE-2007-2435, CVE-2007-2449, CVE-2007-2450, CVE-2007-2788, CVE-2007-2789, CVE-2007-3304, CVE-2007-3382, CVE-2007-3383, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-5116, CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-5961, CVE-2007-6276, CVE-2007-6286, CVE-2007-6306, CVE-2007-6388, CVE-2008-0002, CVE-2008-0005, CVE-2008-0128, CVE-2008-0960, CVE-2008-1105, CVE-2008-1145, CVE-2008-1232, CVE-2008-1678, CVE-2008-1927, CVE-2008-2307, CVE-2008-2308, CVE-2008-2309, CVE-2008-2310, CVE-2008-2311, CVE-2008-2313, CVE-2008-2314, CVE-2008-2364, CVE-2008-2370, CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726, CVE-2008-2939, CVE-2008-5515, CVE-2009-0023, CVE-2009-0033, CVE-2009-0580, CVE-2009-1891, CVE-2009-1955, CVE-2009-1956, CVE-2009-2412, CVE-2009-3094, CVE-2009-3095, CVE-2009-3555, CVE-2009-4901, CVE-2009-4902, CVE-2010-0407, CVE-2010-0434, CVE-2010-2227, CVE-2011-0286

Published on 15/08/07 - Updated on 25/03/19

Description

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Category: Information Leak / Disclosure

CWE-200 (Information Exposure)
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

Security Notices

US National Vulnerability Database CVE-2007-3385
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2007-AVI-362, CERTA-2008-AVI-343, CERTA-2009-AVI-032, CERTA-2011-AVI-221
Red Hat RHSA-2008:0195, RHSA-2008:0261, RHSA-2008:0524, RHSA-2010:0602
Renater 2008/VULN061, 2008/VULN260, 2011/VULN335

Exploits

SecurityFocus BID-25316

Related technologies

Vendor: apache
Product: tomcat
