CVE-2007-3385

Опубликовано: 14 авг. 2007

Источник: ubuntu

Приоритет: untriaged

EPSS Средний

CVSS2: 4.3

Описание

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Релиз	Статус	Примечание
dapper	ignored	end of life
devel	DNE
edgy	ignored	end of life, was needed
feisty	ignored	end of life, was needed
gutsy	DNE
hardy	DNE
intrepid	DNE
jaunty	DNE
karmic	DNE
upstream	needs-triage

Показывать по

Релиз	Статус	Примечание
dapper	DNE
devel	DNE
edgy	ignored	end of life, was needed
feisty	ignored	end of life, was needed
gutsy	released	5.5.25-1
hardy	released	5.5.25-1
intrepid	released	5.5.25-1
jaunty	released	5.5.25-1
karmic	DNE
upstream	released	5.5.25

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2007-3385

EPSS

Процентиль: 99%

0.69407

Средний

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2007-3385

redhat

почти 18 лет назад

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

CVE-2007-3385

nvd

почти 18 лет назад

CVE-2007-3385

debian

почти 18 лет назад

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...

GHSA-6j8f-66vh-39mj

github

около 3 лет назад

Apache Tomcat Mishandles Character Sequence in Cookies

ELSA-2007-0871

oracle-oval

больше 17 лет назад

ELSA-2007-0871: Moderate: tomcat security update (MODERATE)

EPSS

Процентиль: 99%

0.69407

Средний

4.3 Medium

CVSS2

CVE-2007-3385

Описание

Пакет tomcat5

Пакет tomcat5.5

Ссылки на источники

Связанные уязвимости