CVE-2007-5333

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.

Published Bysecalert@redhat.com

Published DateFeb 12, 2008, 01:00

Affected Versions(3)

org.apache.tomcat:tomcat(Maven)

Introduced6.0.0

Fixed6.0.15

LimitN/A

org.apache.tomcat:tomcat(Maven)

Introduced5.5.0

Fixed5.5.26

LimitN/A

org.apache.tomcat:tomcat(Maven)

Introduced4.1.0

Fixed4.1.37

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.tomcat:tomcat(Maven)	6.0.0	6.0.15	N/A
org.apache.tomcat:tomcat(Maven)	5.5.0	5.5.26	N/A
org.apache.tomcat:tomcat(Maven)	4.1.0	4.1.37	N/A

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:N/C:P/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

NONE

References

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:N/C:P/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

NONE