Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treat a single quote character (') as a delimiter when parsing cookie values. This can cause sensitive information such as session IDs to be disclosed and allow remote attackers to conduct session hijacking attacks.
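To make the failure mode concrete, the following is an added, illustrative model written for this page; it is not Tomcat's own cookie-parsing code. It assumes (as a modelling choice, not something the advisory states in detail) that the flawed parser treats a single quote like a double quote, i.e. as opening a quoted value that runs until the matching quote or, if none is found, to the end of the header. The parser names, the `theme` cookie and the `render_theme_banner` application are hypothetical; the Cookie header is constructed for the example.

```python
"""Model of the cookie-delimiter flaw behind CVE-2007-3382.

Added example, not Tomcat code. Two parsers are shown side by side:
one that treats both '"' and "'" as value quotes (the vulnerable
behaviour) and one that treats only '"' as a quote (the fixed
behaviour). A hypothetical application that echoes a cookie value
into a page then demonstrates how the session ID leaks under the
first parser and not under the second.
"""

SESSION_COOKIE = "JSESSIONID"  # Tomcat's default session cookie name


def _parse(header: str, quote_chars: str) -> dict:
    """Parse a Cookie header into a name -> value dict.

    Pairs are separated by ';'. A value that starts with a character in
    quote_chars runs until the matching closing quote, even across ';'.
    If no closing quote exists, the rest of the header is consumed.
    Bare names without '=' are ignored in this model.
    """
    cookies = {}
    i, n = 0, len(header)
    while i < n:
        # skip separators and whitespace between pairs
        while i < n and header[i] in " \t;":
            i += 1
        if i >= n:
            break
        eq = header.find("=", i)
        if eq == -1:
            break
        name = header[i:eq].strip()
        i = eq + 1
        if i < n and header[i] in quote_chars:
            # quoted value: scan for the closing quote
            end = header.find(header[i], i + 1)
            if end == -1:
                end = n  # unterminated quote swallows everything after it
            value = header[i + 1:end]
            i = end + 1
        else:
            end = header.find(";", i)
            if end == -1:
                end = n
            value = header[i:end].strip()
            i = end
        cookies[name] = value
    return cookies


def parse_cookies_vulnerable(header: str) -> dict:
    """Modelled vulnerable behaviour: a single quote opens a quoted value."""
    return _parse(header, quote_chars="\"'")


def parse_cookies_fixed(header: str) -> dict:
    """Modelled fixed behaviour: only a double quote opens a quoted value."""
    return _parse(header, quote_chars='"')


def render_theme_banner(cookies: dict) -> str:
    """Hypothetical application code that echoes the 'theme' cookie."""
    return "Theme: " + cookies.get("theme", "default")


def leaks_session_id(parser, header: str) -> bool:
    """True if the rendered page discloses the session cookie."""
    page = render_theme_banner(parser(header))
    return SESSION_COOKIE + "=" in page


# Constructed header: an attacker-influenced 'theme' cookie whose value
# begins with an unmatched single quote, followed by the victim's session.
ATTACK_HEADER = "theme='dark; JSESSIONID=ABC123DEF456"

if __name__ == "__main__":
    for name, parser in (("vulnerable", parse_cookies_vulnerable),
                         ("fixed", parse_cookies_fixed)):
        print(name, parser(ATTACK_HEADER),
              "leaks session:", leaks_session_id(parser, ATTACK_HEADER))
```

Under the vulnerable parser the unterminated quote swallows the rest of the header, so the `theme` value becomes `dark; JSESSIONID=ABC123DEF456` and any page that reflects it discloses the session ID; the fixed parser keeps `JSESSIONID` as its own cookie and the echoed value is just `'dark`. The practical check for a deployment is therefore the Tomcat version itself: upgrade past the affected ranges rather than relying on the application never reflecting cookie values.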
References
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://secunia.com/advisories/26466
http://secunia.com/advisories/26898
http://secunia.com/advisories/27037
http://secunia.com/advisories/27267
http://secunia.com/advisories/27727
http://secunia.com/advisories/28317
http://secunia.com/advisories/28361
http://secunia.com/advisories/29242
http://secunia.com/advisories/30802
http://secunia.com/advisories/33668
http://secunia.com/advisories/36486
http://securitytracker.com/id?1018556
http://support.apple.com/kb/HT2163
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://tomcat.apache.org/security-6.html
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562
http://www.debian.org/security/2008/dsa-1447
http://www.debian.org/security/2008/dsa-1453
http://www.kb.cert.org/vuls/id/993544
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
http://www.redhat.com/support/errata/RHSA-2007-0871.html
http://www.redhat.com/support/errata/RHSA-2007-0950.html
http://www.redhat.com/support/errata/RHSA-2008-0195.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/archive/1/476442/100/0/threaded
http://www.securityfocus.com/archive/1/476466/100/0/threaded
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.securityfocus.com/bid/25316
http://www.vupen.com/english/advisories/2007/2902
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2007/3527
http://www.vupen.com/english/advisories/2008/1981/references
http://www.vupen.com/english/advisories/2009/0233
https://exchange.xforce.ibmcloud.com/vulnerabilities/36006
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2007-3382
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11269
https://www.cve.org/CVERecord?id=CVE-2007-3382
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2007-08-14T22:00:00

Updated: 2024-08-07T14:14:12.904Z

Reserved: 2007-06-25T00:00:00

Link: CVE-2007-3382

Vulnrichment

No data.

NVD

Status: Modified

Published: 2007-08-14T22:17:00.000

Modified: 2024-11-21T00:33:06.087

Link: CVE-2007-3382

Red Hat

Severity: Low

Published: 2007-08-14T00:00:00Z

Links: CVE-2007-3382 - Bugzilla