Severity: : Medium
  CVE Kennungen: : CVE-2007-5333
  Advisory Date: 27 de sierpnia de 2015

  DESCRIPTION

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.

  INFORMATION EXPOSURE

  • 1001074 - Apache Tomcat Cookie Handling Session ID Disclosure

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1001074
  Trend Micro Deep Security DPI Rule Name: 1001074 - Apache Tomcat Cookie Handling Session ID Disclosure

  AFFECTED SOFTWARE AND VERSION:

  • apache tomcat 4.1.10
  • apache tomcat 4.1.12
  • apache tomcat 4.1.24
  • apache tomcat 4.1.3
  • apache tomcat 4.1.31
  • apache tomcat 4.1.36
  • apache tomcat 4.1.9
  • apache tomcat 5.0.1
  • apache tomcat 5.0.10
  • apache tomcat 5.0.11
  • apache tomcat 5.0.12
  • apache tomcat 5.0.13
  • apache tomcat 5.0.14
  • apache tomcat 5.0.15
  • apache tomcat 5.0.16
  • apache tomcat 5.0.19
  • apache tomcat 5.0.2
  • apache tomcat 5.0.28
  • apache tomcat 5.0.3
  • apache tomcat 5.0.30
  • apache tomcat 5.0.4
  • apache tomcat 5.0.5
  • apache tomcat 5.0.6
  • apache tomcat 5.0.7
  • apache tomcat 5.0.8
  • apache tomcat 5.0.9
  • apache tomcat 5.5.1
  • apache tomcat 5.5.10
  • apache tomcat 5.5.11
  • apache tomcat 5.5.12
  • apache tomcat 5.5.13
  • apache tomcat 5.5.14
  • apache tomcat 5.5.15
  • apache tomcat 5.5.16
  • apache tomcat 5.5.17
  • apache tomcat 5.5.18
  • apache tomcat 5.5.19
  • apache tomcat 5.5.2
  • apache tomcat 5.5.20
  • apache tomcat 5.5.21
  • apache tomcat 5.5.22
  • apache tomcat 5.5.23
  • apache tomcat 5.5.24
  • apache tomcat 5.5.25
  • apache tomcat 5.5.3
  • apache tomcat 5.5.4
  • apache tomcat 5.5.5
  • apache tomcat 5.5.6
  • apache tomcat 5.5.7
  • apache tomcat 5.5.8
  • apache tomcat 5.5.9
  • apache tomcat 6.0
  • apache tomcat 6.0.1
  • apache tomcat 6.0.10
  • apache tomcat 6.0.11
  • apache tomcat 6.0.12
  • apache tomcat 6.0.13
  • apache tomcat 6.0.14
  • apache tomcat 6.0.15
  • apache tomcat 6.0.2
  • apache tomcat 6.0.3
  • apache tomcat 6.0.4
  • apache tomcat 6.0.5
  • apache tomcat 6.0.6
  • apache tomcat 6.0.7
  • apache tomcat 6.0.8
  • apache tomcat 6.0.9
  • apache_software_foundation tomcat 4.1
  • apache_software_foundation tomcat 4.1.32
  • apache_software_foundation tomcat 4.1.34
  • apache_software_foundation tomcat 4.1.37
  • apache_software_foundation tomcat 5.0
  • apache_software_foundation tomcat 5.1
  • apache_software_foundation tomcat 5.2
  • apache_software_foundation tomcat 5.3
  • apache_software_foundation tomcat 5.4
  • apache_software_foundation tomcat 5.5