Description

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Remediation

References

CVE-2007-3385

Related Vulnerabilities

PostgreSQL CVE-2018-1058 Vulnerability (CVE-2018-1058)

OpenSSL Inefficient Regular Expression Complexity Vulnerability (CVE-2023-3446)

Joomla! Core Directory Traversal (2.5.0 - 3.9.20)

WordPress Improper Privilege Management Vulnerability (CVE-2019-20043)

WordPress Plugin WP Booking Calendar Multiple Vulnerabilities (3.0.0)

Severity

Medium

Classification

CVE-2007-3385 CWE-200

Tags

Missing Update Known Vulnerabilities