what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2007-5333

Status Candidate

Overview

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.

Related Files

HP Security Bulletin HPSBST02955 2
Posted Mar 6, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02955 2 - Potential security vulnerabilities have been identified in 3rd party software used in HP XP P9000 Performance Advisor running Oracle and Apache Tomcat Software. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4172, CVE-2011-0013, CVE-2011-0534, CVE-2011-1184, CVE-2011-2204, CVE-2011-2481, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-5035, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064
SHA-256 | 6410ff7bef195c9761122d2dbcef0fcb62f17fc9f0e7743be62f8af8196a6887
HP Security Bulletin HPSBST02955
Posted Feb 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02955 - Potential security vulnerabilities have been identified in 3rd party software used in HP XP P9000 Performance Advisor running Oracle and Apache Tomcat Software. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4172, CVE-2011-0013, CVE-2011-0534, CVE-2011-1184, CVE-2011-2204, CVE-2011-2481, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-5035, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064
SHA-256 | 7a0da1c21ab0ea1ff0e437cda710d643179e7469a520d96d54e7b1e4ad034845
HP Security Bulletin HPSBMU02894
Posted Jul 25, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02894 - Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. These vulnerabilities could be remotely exploited resulting in a Denial of Service (DoS) or unauthorized access or execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows, solaris, hpux
advisories | CVE-2007-5333, CVE-2009-3554, CVE-2010-0738, CVE-2010-1428, CVE-2010-1429, CVE-2011-1483, CVE-2011-2196, CVE-2011-4605, CVE-2011-4858, CVE-2012-3546
SHA-256 | eacd5c85848fe70e3b06674a93d19b20ce220a3b1047e565ac14544a22f6e877
Mandriva Linux Security Advisory 2010-176
Posted Sep 13, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-176 - Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle characters or sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked this issue exists because of an incomplete fix for CVE-2007-3385. Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via. sequences and the WEB-INF directory in a Request. Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. Other issues have also been addressed.

tags | advisory, java, remote, web, denial of service
systems | linux, mandriva
advisories | CVE-2007-5333, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0783, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2010-1157, CVE-2010-2227
SHA-256 | fc7dd9c0367dbd633972bba44e45df2449d43149c7f42f5e75fdc5df99893222
Mandriva Linux Security Advisory 2009-018
Posted Jan 20, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-018 - Apache Tomcat does not properly handle certain characters in a cookie value, which could possibly lead to the leak of sensitive information such as session IDs. The updated packages have been patched to prevent this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2007-5333
SHA-256 | 98614484e520ab4e6fa316f874a86905a54e10edb8210f75140d3e082d529408
wikid-tomcat.txt
Posted Sep 17, 2008
Site wikidsystems.com

The WiKID Strong Authentication server has released an update for the Tomcat server associated with this software. It updates Tomcat to 5.5.27 to address a large amount of vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286
SHA-256 | a8c41c441cc362473d836e2155189f3679c6855e0acebd1877d9082428c45e77
VMware Security Advisory 2008-00010
Posted Jun 17, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Updated Tomcat and Java JRE packages have been made available for VMWare ESX 3.5. It is not a few updates either. Check out how many CVEs are covered. Judging by the CVE age, their turn around time on patching is quite sad.

tags | advisory, java
advisories | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196, CVE-2008-0657, CVE-2007-5689
SHA-256 | bdca972198318dc99cbe922fcffca76537d29df7f9248d8962802a8c0051113f
Gentoo Linux Security Advisory 200804-10
Posted Apr 10, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200804-10 - Multiple vulnerabilities in Tomcat may lead to local file overwriting, session hijacking or information disclosure. Versions less than 6.0.16 are affected.

tags | advisory, local, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002
SHA-256 | 8450c98731084fc3778d5989e4cdf6f3480430925f6a49b95dbac75077cc749c
CVE-2007-5333.txt
Posted Feb 11, 2008
Site tomcat.apache.org

Apache Tomcat versions 4.1.0 through 4.1.36, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14 suffers from a cookie handling vulnerability that allows for session hi-jacking.

tags | advisory
advisories | CVE-2007-5333
SHA-256 | b39d081913bab5de110b695d04a57477a5c95855e6a8d1817540793912383f76
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close