Description

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Remediation

References

CVE-2007-3382

Related Vulnerabilities

Ruby Numeric Errors Vulnerability (CVE-2008-2376)

Dotclear Improper Access Control Vulnerability (CVE-2015-8832)

WordPress Plugin H5P CSS Editor Cross-Site Scripting (1.0)

IBM WebSEAL Improper Authentication Vulnerability (CVE-2018-1443)

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.1)

Severity

Medium

Classification

CVE-2007-3382 CWE-200

Tags

Missing Update Known Vulnerabilities