GHSA-6j8f-66vh-39mj

Source

https://github.com/advisories/GHSA-6j8f-66vh-39mj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6j8f-66vh-39mj/GHSA-6j8f-66vh-39mj.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6j8f-66vh-39mj

Aliases

CVE-2007-3385

Published

2022-05-01T18:13:14Z

Modified

2023-11-08T03:56:48.186761Z

Summary

Apache Tomcat Mishandles Character Sequence in Cookies

Details

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Database specific

{
    "nvd_published_at": "2007-08-14T22:17:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-22T21:05:29Z"
}

References

Affected packages

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Last affected

6.0.13

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.5.0

Last affected

5.5.24

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0.0

Last affected

5.0.30

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Last affected

4.1.36

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.3.0

Last affected

3.3.2