Description
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 do not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
Remediation
References