Back to search
CVE-2007-5333
Published: Feb 12, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2008-2690
vdb-entry
x_refsource_VUPEN
33330
third-party-advisory
x_refsource_SECUNIA
http://tomcat.apache.org/security-4.html
x_refsource_CONFIRM
http://support.apple.com/kb/HT2163
x_refsource_CONFIRM
30676
third-party-advisory
x_refsource_SECUNIA
27706
vdb-entry
x_refsource_BID
3636
third-party-advisory
x_refsource_SREASON
JVN#09470767
third-party-advisory
x_refsource_JVN
ADV-2008-1981
vdb-entry
x_refsource_VUPEN
IZ20133
vendor-advisory
x_refsource_AIXAPAR
oval:org.mitre.oval:def:11177
vdb-entry
signature
x_refsource_OVAL
28915
third-party-advisory
x_refsource_SECUNIA
37460
third-party-advisory
x_refsource_SECUNIA
IZ20991
vendor-advisory
x_refsource_AIXAPAR
31681
vdb-entry
x_refsource_BID
28884
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
x_refsource_CONFIRM
20080208 [SECURITY] CVE-2007-5333: Tomcat Cookie handling vulnerabilities
mailing-list
x_refsource_BUGTRAQ
http://www-01.ibm.com/support/docview.wss?uid=swg27012048
x_refsource_CONFIRM
28878
third-party-advisory
x_refsource_SECUNIA
32036
third-party-advisory
x_refsource_SECUNIA
ADV-2008-0488
vdb-entry
x_refsource_VUPEN
44183
third-party-advisory
x_refsource_SECUNIA
APPLE-SA-2008-06-30
vendor-advisory
x_refsource_APPLE
MDVSA-2010:176
vendor-advisory
x_refsource_MANDRIVA
SUSE-SR:2009:004
vendor-advisory
x_refsource_SUSE
MDVSA-2009:018
vendor-advisory
x_refsource_MANDRIVA
http://tomcat.apache.org/security-6.html
x_refsource_CONFIRM
57126
third-party-advisory
x_refsource_SECUNIA
32222
third-party-advisory
x_refsource_SECUNIA
30802
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg27012047
x_refsource_CONFIRM
FEDORA-2008-1467
vendor-advisory
x_refsource_FEDORA
GLSA-200804-10
vendor-advisory
x_refsource_GENTOO
FEDORA-2008-1603
vendor-advisory
x_refsource_FEDORA
ADV-2008-1856
vdb-entry
x_refsource_VUPEN
http://www.vmware.com/security/advisories/VMSA-2008-0010.html
x_refsource_CONFIRM
http://tomcat.apache.org/security-5.html
x_refsource_CONFIRM
ADV-2008-2780
vdb-entry
x_refsource_VUPEN
HPSBST02955
vendor-advisory
x_refsource_HP
APPLE-SA-2008-10-09
vendor-advisory
x_refsource_APPLE
http://support.apple.com/kb/HT3216
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg24018932
x_refsource_CONFIRM
29711
third-party-advisory
x_refsource_SECUNIA
ADV-2009-3316
vdb-entry
x_refsource_VUPEN
https://bugzilla.redhat.com/show_bug.cgi?id=532111
x_refsource_CONFIRM
[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now