Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
Severity: : Medium
CVE Kennungen: : CVE-2007-5333
Advisory Date: 27 de sierpnia de 2015
DESCRIPTION
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
INFORMATION EXPOSURE
- 1001074 - Apache Tomcat Cookie Handling Session ID Disclosure
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1001074
Trend Micro Deep Security DPI Rule Name: 1001074 - Apache Tomcat Cookie Handling Session ID Disclosure
AFFECTED SOFTWARE AND VERSION:
- apache tomcat 4.1.10
- apache tomcat 4.1.12
- apache tomcat 4.1.24
- apache tomcat 4.1.3
- apache tomcat 4.1.31
- apache tomcat 4.1.36
- apache tomcat 4.1.9
- apache tomcat 5.0.1
- apache tomcat 5.0.10
- apache tomcat 5.0.11
- apache tomcat 5.0.12
- apache tomcat 5.0.13
- apache tomcat 5.0.14
- apache tomcat 5.0.15
- apache tomcat 5.0.16
- apache tomcat 5.0.19
- apache tomcat 5.0.2
- apache tomcat 5.0.28
- apache tomcat 5.0.3
- apache tomcat 5.0.30
- apache tomcat 5.0.4
- apache tomcat 5.0.5
- apache tomcat 5.0.6
- apache tomcat 5.0.7
- apache tomcat 5.0.8
- apache tomcat 5.0.9
- apache tomcat 5.5.1
- apache tomcat 5.5.10
- apache tomcat 5.5.11
- apache tomcat 5.5.12
- apache tomcat 5.5.13
- apache tomcat 5.5.14
- apache tomcat 5.5.15
- apache tomcat 5.5.16
- apache tomcat 5.5.17
- apache tomcat 5.5.18
- apache tomcat 5.5.19
- apache tomcat 5.5.2
- apache tomcat 5.5.20
- apache tomcat 5.5.21
- apache tomcat 5.5.22
- apache tomcat 5.5.23
- apache tomcat 5.5.24
- apache tomcat 5.5.25
- apache tomcat 5.5.3
- apache tomcat 5.5.4
- apache tomcat 5.5.5
- apache tomcat 5.5.6
- apache tomcat 5.5.7
- apache tomcat 5.5.8
- apache tomcat 5.5.9
- apache tomcat 6.0
- apache tomcat 6.0.1
- apache tomcat 6.0.10
- apache tomcat 6.0.11
- apache tomcat 6.0.12
- apache tomcat 6.0.13
- apache tomcat 6.0.14
- apache tomcat 6.0.15
- apache tomcat 6.0.2
- apache tomcat 6.0.3
- apache tomcat 6.0.4
- apache tomcat 6.0.5
- apache tomcat 6.0.6
- apache tomcat 6.0.7
- apache tomcat 6.0.8
- apache tomcat 6.0.9
- apache_software_foundation tomcat 4.1
- apache_software_foundation tomcat 4.1.32
- apache_software_foundation tomcat 4.1.34
- apache_software_foundation tomcat 4.1.37
- apache_software_foundation tomcat 5.0
- apache_software_foundation tomcat 5.1
- apache_software_foundation tomcat 5.2
- apache_software_foundation tomcat 5.3
- apache_software_foundation tomcat 5.4
- apache_software_foundation tomcat 5.5