Description

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Remediation

References

CVE-2007-3385

Related Vulnerabilities

WordPress Plugin Add New Default Avatar [Emrikol's Fork] Multiple Unspecified Vulnerabilities (2.0.1)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (4.0.2)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.28)

Oracle JRE CVE-2013-1487 Vulnerability (CVE-2013-1487)

WebLogic CVE-2021-2214 Vulnerability (CVE-2021-2214)

Severity

Medium

Classification

CVE-2007-3385 CWE-200

Tags

Missing Update Known Vulnerabilities