Apache.Tomcat.Cookie.Data.Processing.Information.Disclosure
Description
A vulnerability has been identified in Apache Tomcat, which could be exploited by remote attackers to gain knowledge of sensitive information. This issue is caused by an error that occurs when processing cookies that contain a single quote or a \" character sequence. As a result, sensitive information such as session IDs may be leaked, allowing remote attackers to conduct session hijacking attacks.
Affected Products
Apache Tomcat versions 6.0.0 - 6.0.13
Apache Tomcat versions 5.5.0 - 5.5.24
Apache Tomcat versions 5.0.0 - 5.0.30
Apache Tomcat versions 4.1.0 - 4.1.36
Apache Tomcat versions 3.3 - 3.3.2
Impact
Information disclosure.
Recommended Actions
Upgrade to Apache Tomcat 6.0.14.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |