
CVE ID: CVE-2007-3382
Description: Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
Test IDs: 1.3.6.1.4.1.25623.1.0.59876, 1.3.6.1.4.1.25623.1.0.60108, 1.3.6.1.4.1.25623.1.0.59877, 1.3.6.1.4.1.25623.1.0.60102
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2007-3382
Bugtraq: 20070814 CVE-2007-3382: Handling of cookies containing a ' character
http://www.securityfocus.com/archive/1/archive/1/476442/100/0/threaded
Bugtraq: 20070814 Re: CVE-2007-3382: Handling of cookies containing a ' character
http://www.securityfocus.com/archive/1/archive/1/476466/100/0/threaded
Bugtraq: 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
http://www.securityfocus.com/archive/1/archive/1/500412/100/0/threaded
Bugtraq: 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
http://www.securityfocus.com/archive/1/archive/1/500396/100/0/threaded
AIX APAR: IZ55562
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
Debian Security Information: DSA-1447
http://www.debian.org/security/2008/dsa-1447
Debian Security Information: DSA-1453
http://www.debian.org/security/2008/dsa-1453
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
HPdes Security Advisory: HPSBUX02262
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
HPdes Security Advisory: SSRT071447
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
HPdes Security Advisory: HPSBTU02276
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554
HPdes Security Advisory: SSRT071472
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
RedHat Security Advisories: RHSA-2007:0871
http://www.redhat.com/support/errata/RHSA-2007-0871.html
RedHat Security Advisories: RHSA-2007:0950
http://www.redhat.com/support/errata/RHSA-2007-0950.html
RedHat Security Advisories: RHSA-2008:0195
http://www.redhat.com/support/errata/RHSA-2008-0195.html
RedHat Security Advisories: RHSA-2008:0261
http://www.redhat.com/support/errata/RHSA-2008-0261.html
SuSE Security Announcement: SUSE-SR:2008:005
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
SuSE Security Announcement: SUSE-SR:2009:004
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
CERT/CC vulnerability note: VU#993544
http://www.kb.cert.org/vuls/id/993544
BugTraq ID: 25316
http://www.securityfocus.com/bid/25316
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11269
http://secunia.com/advisories/36486
http://www.vupen.com/english/advisories/2007/2902
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2007/3527
http://www.vupen.com/english/advisories/2008/1981/references
http://www.vupen.com/english/advisories/2009/0233
http://securitytracker.com/id?1018556
http://secunia.com/advisories/26466
http://secunia.com/advisories/26898
http://secunia.com/advisories/27037
http://secunia.com/advisories/27267
http://secunia.com/advisories/27727
http://secunia.com/advisories/28317
http://secunia.com/advisories/28361
http://secunia.com/advisories/29242
http://secunia.com/advisories/30802
http://secunia.com/advisories/33668
XForce ISS Database: tomcat-quotecookie-information-disclosure(36006)
http://xforce.iss.net/xforce/xfdb/36006


© 1998-2014 E-Soft Inc. All rights reserved.