Definition


New Search

Apache Tomcat 6.0.0 to 6.0.13 5.5.0 to 5.5.24 5.0.0 to 5.0.30 4.1.0 to 4.1.36 and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

oval:org.mitre.oval:def:11269

Apache Tomcat 6.0.0 to 6.0.13 5.5.0 to 5.5.24 5.0.0 to 5.0.30 4.1.0 to 4.1.36 and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
  • Oracle Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2007-3382
Product(s):