-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-3385: Handling of \" in cookies
Severity: Low (Session Hi-jacking) Vendor: The Apache Software Foundation Versions Affected: 6.0.0 to 6.0.13 5.5.0 to 5.5.24 5.0.0 to 5.0.30 4.1.0 to 4.1.36 3.3 to 3.3.2 Description: Tomcat incorrectly handles the character sequence \" in a cookie value. In some circumstances this can lead to the leaking of information such as session ID to an attacker. Mitigation: Upgrade to 6.0.14 Credit: This issue was discovered by Tomasz Kuczynski, Poznan Supercomputing and Networking Center, who worked with the CERT/CC to report the vulnerability. Example: http://localhost:8080/examples/servlets/servlet/CookieExample?cookiename=HAHA&cookievalue=%5C%22FOO%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2F%3B References: http://tomcat.apache.org/security.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGwSFlb7IeiTPGAkMRArdPAJ99AXYzSterU7oG+u8UrtQAd2lTZwCbBK2R hwRixKaYOwWyj5kD+fLT1ls= =hgTP -----END PGP SIGNATURE-----
