CVE-2007-3385

Impact: Low
Public Date: 2007-08-14
Bugzilla: 247976: CVE-2007-3385 tomcat handling of cookie values

The MITRE CVE dictionary describes this issue as:

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Find out more about CVE-2007-3385 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Application Stack v1 for Enterprise Linux AS (v.4) (jbossas) | RHSA-2007:0950 | 2007-11-05 |
| Red Hat Certificate System 7.3 for 4AS | RHSA-2010:0602 | 2010-08-04 |
| Red Hat Enterprise Linux version 5 (tomcat5) | RHSA-2007:0871 | 2007-09-26 |
| Red Hat Developer Suite v.3 (AS v.4) (tomcat5) | RHSA-2008:0195 | 2008-04-28 |
| Red Hat Satellite 5.0 (RHEL v.4 AS) | RHSA-2008:0261 | 2008-05-20 |
| Red Hat Satellite v 4.1 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite v 4.2 (RHEL v.3 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite v 4.0 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite v 4.2 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite 5.0 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Application Server v2 4AS (tomcat5) | RHSA-2007:0876 | 2007-10-11 |
| Red Hat Application Stack v2 for Enterprise Linux (v.5) (jbossas) | RHSA-2007:0950 | 2007-11-05 |
| Red Hat Satellite v 4.2 (RHEL v.4 AS) | RHSA-2008:0524 | 2008-06-30 |
| Red Hat Satellite v 4.0 (RHEL v.3 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite v 4.2 (RHEL v.3 AS) | RHSA-2008:0524 | 2008-06-30 |
| Red Hat Satellite v 4.1 (RHEL v.3 AS) | RHSA-2007:1069 | 2007-11-26 |