Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2008-02-12T00:00:00
Updated: 2024-08-07T15:24:42.490Z
Reserved: 2007-10-10T00:00:00
Link: CVE-2007-5333
Vulnrichment
No data.
NVD
Status : Modified
Published: 2008-02-12T01:00:00.000
Modified: 2024-11-21T00:37:40.547
Link: CVE-2007-5333
Redhat