New Search

Apache Tomcat 6.0.0 to 6.0.13 5.5.0 to 5.5.24 5.0.0 to 5.0.30 4.1.0 to 4.1.36 and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

oval:org.mitre.oval:def:11269

Apache Tomcat 6.0.0 to 6.0.13 5.5.0 to 5.5.24 5.0.0 to 5.0.30 4.1.0 to 4.1.36 and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 5
  • CentOS Linux 5
  • Oracle Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2007-3382
Product(s):