Red Hat Customer Portal

CVE-2007-3382

Impact: Low
Public Date: 2007-08-14
Bugzilla: 247972: CVE-2007-3382 tomcat handling of cookies

The MITRE CVE dictionary describes this issue as:

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Find out more about CVE-2007-3382 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) | RHSA-2007:0950 | 2007-11-05
Red Hat Certificate System 7.3 for 4AS | RHSA-2010:0602 | 2010-08-04
Red Hat Satellite v 4.1 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26
Red Hat Developer Suite v.3 (AS v.4) (tomcat5) | RHSA-2008:0195 | 2008-04-28
Red Hat Satellite 5.0 (RHEL v.4 AS) | RHSA-2008:0261 | 2008-05-20
Red Hat Satellite v 4.2 (RHEL v.3 AS) | RHSA-2008:0524 | 2008-06-30
Red Hat Satellite v 4.2 (RHEL v.3 AS) | RHSA-2007:1069 | 2007-11-26
Red Hat Satellite v 4.0 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26
Red Hat Satellite v 4.2 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26
Red Hat Satellite 5.0 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26
Red Hat Application Server v2 4AS (tomcat5) | RHSA-2007:0876 | 2007-10-11
Red Hat Application Stack v2 for Enterprise Linux (v.5) | RHSA-2007:0950 | 2007-11-05
Red Hat Satellite v 4.2 (RHEL v.4 AS) | RHSA-2008:0524 | 2008-06-30
Red Hat Satellite v 4.0 (RHEL v.3 AS) | RHSA-2007:1069 | 2007-11-26
Red Hat Enterprise Linux 5 (tomcat5) | RHSA-2007:0871 | 2007-09-26
Red Hat Satellite v 4.1 (RHEL v.3 AS) | RHSA-2007:1069 | 2007-11-26

Affected Packages State

Platform | Package | State
Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server | berkeleydb 2.0.90-1jpp.ep1.1.el5 | Fixed
Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS | berkeleydb 2.0.90-1jpp.ep1.1 | Fixed