exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2007-3385

Status Candidate

Overview

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Related Files

CA20090123-01.txt
Posted Jan 27, 2009
Authored by Ken Williams | Site www3.ca.com

Multiple security risks exist in Apache Tomcat as included with CA Cohesion and products that contain CA Cohesion. These include, but are not limited to, arbitrary command execution. Affected products include CA Cohesion Application Configuration Manager 4.5, CA CMDB Application Server 11.1, and Unicenter Service Desk 11.2.

tags | advisory, arbitrary
advisories | CVE-2005-2090, CVE-2005-3510, CVE-2006-3835, CVE-2006-7195, CVE-2006-7196, CVE-2007-0450, CVE-2007-1355, CVE-2007-1358, CVE-2007-1858, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386, CVE-2008-0128
SHA-256 | c8609f8dceb80de59813e4e08c5e56ee0e21604a9ddf888c621eda88cd823b65
Debian Linux Security Advisory 1453-1
Posted Jan 7, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1453-1 - Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2007-3382, CVE-2007-3385, CVE-2007-5461
SHA-256 | f0058027bd81c3df7af449fda82679ec96ba240bf2e3ddb5747c63b2d40e77c2
Debian Linux Security Advisory 1447-1
Posted Jan 3, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1447-1 - Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2007-3382, CVE-2007-3385, CVE-2007-3386, CVE-2007-5342, CVE-2007-5461
SHA-256 | 91286084de6fabad091323f5c5e9ea91ee94bbf9a6a7a461d72e6d0ef37ce72b
Mandriva Linux Security Advisory 2007.241
Posted Dec 11, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered in Tomcat 5. These issues include directory traversal, cross site scripting, and information disclosure flaws.

tags | advisory, vulnerability, xss, info disclosure
systems | linux, mandriva
advisories | CVE-2007-0450, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386, CVE-2007-5461
SHA-256 | fc928971bbba5d3ec38a4c957bde2d5e37d0286c0cd61065975c4ce864e7e40a
HP Security Bulletin 2007-14.72
Posted Oct 16, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential vulnerabilities have been identified with HP Tru64 UNIX Running Apache Tomcat. The vulnerabilities could be exploited to allow remote unauthorized access or remote Denial of Service (DoS).

tags | advisory, remote, denial of service, vulnerability
systems | unix
advisories | CVE-2007-3382, CVE-2007-3385, CVE-2007-3386
SHA-256 | de95b703ae27905244929a81dfaf4b6bf5c747e249ce10b9d74fa61a35b1396a
HP Security Bulletin 2007-14.47
Posted Oct 10, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code.

tags | advisory, arbitrary, vulnerability, xss
systems | hpux
advisories | CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386
SHA-256 | 85ce851efccb71b60d9f0e47f9402e4ce2d6740afac5c78fc233d8379f869bc3
CVE-2007-3385.txt
Posted Aug 14, 2007
Authored by Mark Thomas | Site tomcat.apache.org

Tomcat versions 3.3 to 3.3.2, 4.1.0 to 4.1.36, 5.0.0 to 5.0.30, 5.5.0 to 5.5.24, and 6.0.0 to 6.0.13 suffer from an information leak disclosure in the way they handle \ characters in cookies.

tags | advisory
advisories | CVE-2007-3385
SHA-256 | e5589b41bdac2a0cffbf674971524413fe5a6341732f9a0f585fadb94c8d0951
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close