Description

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Remediation

References

CVE-2007-3382

Related Vulnerabilities

SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-28955)

PHP Resource Management Errors Vulnerability (CVE-2011-1148)

Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4335)

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler Security Bypass (6.9.11)

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler Unspecified Vulnerability (5.1.2)

Severity

Medium

Classification

CVE-2007-3382 CWE-200

Tags

Missing Update Known Vulnerabilities