CVE-2007-3385
The MITRE CVE dictionary describes this issue as:
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
Find out more about CVE-2007-3385 from the MITRE CVE dictionary dictionary and NIST NVD.
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Application Stack v1 for Enterprise Linux AS (v.4) | RHSA-2007:0950 | 2007-11-05 |
| Red Hat Certificate System 7.3 for 4AS | RHSA-2010:0602 | 2010-08-04 |
| Red Hat Satellite v 4.1 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Developer Suite v.3 (AS v.4) (tomcat5) | RHSA-2008:0195 | 2008-04-28 |
| Red Hat Satellite 5.0 (RHEL v.4 AS) | RHSA-2008:0261 | 2008-05-20 |
| Red Hat Satellite v 4.2 (RHEL v.3 AS) | RHSA-2008:0524 | 2008-06-30 |
| Red Hat Satellite v 4.2 (RHEL v.3 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite v 4.0 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite v 4.2 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite 5.0 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Application Server v2 4AS (tomcat5) | RHSA-2007:0876 | 2007-10-11 |
| Red Hat Application Stack v2 for Enterprise Linux (v.5) | RHSA-2007:0950 | 2007-11-05 |
| Red Hat Satellite v 4.2 (RHEL v.4 AS) | RHSA-2008:0524 | 2008-06-30 |
| Red Hat Satellite v 4.0 (RHEL v.3 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Enterprise Linux 5 (tomcat5) | RHSA-2007:0871 | 2007-09-26 |
| Red Hat Satellite v 4.1 (RHEL v.3 AS) | RHSA-2007:1069 | 2007-11-26 |
CVE description copyright © 2017, The MITRE Corporation