Description
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
Related Vulnerabilities
MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-4629)
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2005-4875)
WordPress Plugin Share Possible Remote Code Execution (1.0)
Oracle Application Server Other Vulnerability (CVE-2006-5353)
WordPress Plugin Permalink Manager Lite SQL Injection (2.2.12)