Description

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Remediation

References

CVE-2007-3382

Related Vulnerabilities

WordPress Plugin Olimometer SQL Injection (2.56)

PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-19520)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Cross-Site Scripting (3.7.0.0)

Python CVE-2019-16056 Vulnerability (CVE-2019-16056)

e107 Other Vulnerability (CVE-2006-4794)

Severity

Medium

Classification

CVE-2007-3382 CWE-200

Tags

Missing Update Known Vulnerabilities