Launchpad.net

CVE 2007-3382

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Related bugs and status

CVE-2007-3382 (Candidate) is related to these bugs:

Bug #175505: [tomcat5] multiple vulnerabilities

		In	Importance	Status
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Dapper)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Edgy)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Feisty)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu)	Undecided	Fix Released
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Dapper)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Edgy)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Feisty)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Gutsy)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Gutsy)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Hardy)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Hardy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://tomcat.apache.o...
CERT-VN: VU#993544
SECUNIA: 26466
BID: 25316
SECTRACK: 1018556
REDHAT: RHSA-2007:0871
SECUNIA: 26898
HP: HPSBUX02262
HP: SSRT071447
SECUNIA: 27037
HP: HPSBTU02276
HP: SSRT071472
SECUNIA: 27267
REDHAT: RHSA-2007:0950
FEDORA: FEDORA-2007-3456
SECUNIA: 27727
MANDRIVA: MDKSA-2007:241
DEBIAN: DSA-1447
DEBIAN: DSA-1453
SECUNIA: 28317
SECUNIA: 28361
SUSE: SUSE-SR:2008:005
SECUNIA: 29242
REDHAT: RHSA-2008:0195
REDHAT: RHSA-2008:0261
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2008-06-30
SECUNIA: 30802
CONFIRM: http://community.ca.co...
CONFIRM: http://support.ca.com/...
SECUNIA: 33668
SUSE: SUSE-SR:2009:004
AIXAPAR: IZ55562
SECUNIA: 36486
VUPEN: ADV-2007-2902
VUPEN: ADV-2007-3386
VUPEN: ADV-2007-3527
VUPEN: ADV-2008-1981
VUPEN: ADV-2009-0233
XF: tomcat-quotecookie-inf...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20070814 CVE-2007-3382...
BUGTRAQ: 20070814 Re: CVE-2007-...
BUGTRAQ: 20090127 CA20090123-01...
BUGTRAQ: 20090124 CA20090123-01...
MLIST: [tomcat-dev] 20190319 ...
MLIST: [tomcat-dev] 20190325 ...
MLIST: [tomcat-dev] 20200213 ...