Red Hat Customer Portal

CVE-2007-3385

Impact: Low
Public Date: 2007-08-14
Bugzilla: 247976: CVE-2007-3385 tomcat handling of cookie values

The MITRE CVE dictionary describes this issue as:

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Find out more about CVE-2007-3385 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Application Stack v1 for Enterprise Linux AS (v.4) (rh-eap-docs) | RHSA-2007:0950 | 2007-11-05 |
| Red Hat Certificate System 7.3 for 4AS (xml-commons) | RHSA-2010:0602 | 2010-08-04 |
| Red Hat Satellite v 4.1 (RHEL v.4 AS) (tyrex) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Developer Suite v.3 (AS v.4) (tomcat5) | RHSA-2008:0195 | 2008-04-28 |
| Red Hat Satellite 5.0 (RHEL v.4 AS) (tomcat5) | RHSA-2008:0261 | 2008-05-20 |
| Red Hat Satellite v 4.2 (RHEL v.3 AS) (tomcat5) | RHSA-2008:0524 | 2008-06-30 |
| Red Hat Satellite v 4.2 (RHEL v.3 AS) (tyrex) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite v 4.0 (RHEL v.4 AS) (tyrex) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite v 4.2 (RHEL v.4 AS) (tyrex) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite 5.0 (RHEL v.4 AS) (tyrex) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Application Server v2 4AS (tomcat5) | RHSA-2007:0876 | 2007-10-11 |
| Red Hat Application Stack v2 for Enterprise Linux (v.5) (rh-eap-docs) | RHSA-2007:0950 | 2007-11-05 |
| Red Hat Satellite v 4.2 (RHEL v.4 AS) (tomcat5) | RHSA-2008:0524 | 2008-06-30 |
| Red Hat Satellite v 4.0 (RHEL v.3 AS) (tyrex) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Enterprise Linux 5 (tomcat5) | RHSA-2007:0871 | 2007-09-26 |
| Red Hat Satellite v 4.1 (RHEL v.3 AS) (tyrex) | RHSA-2007:1069 | 2007-11-26 |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server | berkeleydb 2.0.90-1jpp.ep1.1.el5 | Fixed |
| Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS | berkeleydb 2.0.90-1jpp.ep1.1 | Fixed |
