virus logo Intrusion Prevention

Apache.Tomcat.Cookie.Data.Processing.Information.Disclosure

description-logoDescription

A vulnerability has been identified in Apache Tomcat, which could be exploited by remote attackers to gain knowledge of sensitive information. This issue is caused by an error that occurs when processing cookies that contain a single quote or a \" character sequence. As a result, sensitive information such as session IDs may be leaked, allowing remote attackers to conduct session hijacking attacks.

affected-products-logoAffected Products

Apache Tomcat versions 6.0.0 - 6.0.13
Apache Tomcat versions 5.5.0 - 5.5.24
Apache Tomcat versions 5.0.0 - 5.0.30
Apache Tomcat versions 4.1.0 - 4.1.36
Apache Tomcat versions 3.3 - 3.3.2

Impact logoImpact

Information disclosure.

recomended-action-logoRecommended Actions

Upgrade to Apache Tomcat 6.0.14.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://www.exploit-db.com/exploits/9994 http://www.securityfocus.com/archive/1/archive/1/476444/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/476442/100/0/threaded
ID 14925
Created Aug 29, 2007
Updated Aug 29, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2007-5333 CVE-2007-3385 CVE-2007-3382
Exploit Prediction Score 12.63%
Default Action pass
Active
Affected OS Windows, Linux
Affected App Apache