Description
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
Remediation
References
Related Vulnerabilities
PostgreSQL CVE-2018-1058 Vulnerability (CVE-2018-1058)
OpenSSL Inefficient Regular Expression Complexity Vulnerability (CVE-2023-3446)
Joomla! Core Directory Traversal (2.5.0 - 3.9.20)
WordPress Improper Privilege Management Vulnerability (CVE-2019-20043)
WordPress Plugin WP Booking Calendar Multiple Vulnerabilities (3.0.0)