Description
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
Remediation
References
Related Vulnerabilities
WordPress Plugin Disable Comments Cross-Site Scripting (1.3)
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-3981)
WordPress Plugin YaySMTP-Simple WP SMTP Mail Cross-Site Scripting (2.4.5)
MySQL CVE-2017-3647 Vulnerability (CVE-2017-3647)
WordPress Plugin UnGallery 'search' Parameter Remote Arbitrary Command Execution (2.1.5)