Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2007-08-14 15:17
Updated : 2019-03-25 04:29
NVD link : CVE-2007-3385
Mitre link : CVE-2007-3385
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
apache
- tomcat