Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2007-3382

Date: August 14, 2007

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Severity Score

Related Resources (50)

http://support.apple.com/kb/HT2163
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2007-3382
http://www.vupen.com/english/advisories/2007/2902
http://secunia.com/advisories/27037
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11269
http://secunia.com/advisories/26466
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562
http://www.vupen.com/english/advisories/2009/0233
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://secunia.com/advisories/27727
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
http://www.debian.org/security/2008/dsa-1453
http://secunia.com/advisories/30802
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
http://www.redhat.com/support/errata/RHSA-2008-0195.html
http://secunia.com/advisories/29242
http://secunia.com/advisories/33668
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://securitytracker.com/id?1018556
http://www.vupen.com/english/advisories/2007/3386
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
http://www.debian.org/security/2008/dsa-1447
http://www.vupen.com/english/advisories/2008/1981/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/36006
http://www.redhat.com/support/errata/RHSA-2007-0950.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
http://www.securityfocus.com/archive/1/476466/100/0/threaded
http://secunia.com/advisories/28361
http://www.securityfocus.com/bid/25316
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://secunia.com/advisories/36486
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.kb.cert.org/vuls/id/993544
https://access.redhat.com/security/cve/CVE-2007-3382
http://www.vupen.com/english/advisories/2007/3527
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://tomcat.apache.org/security-6.html
http://secunia.com/advisories/27267
http://secunia.com/advisories/28317
http://secunia.com/advisories/26898
http://www.redhat.com/support/errata/RHSA-2008-0261.html
https://nvd.nist.gov/vuln/detail/CVE-2007-3382
http://www.redhat.com/support/errata/RHSA-2007-0871.html
http://www.securityfocus.com/archive/1/476442/100/0/threaded
https://www.mend.io/vulnerability-database/CVE-2007-3382

Severity Score

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

CVSS v3

Base Score:
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us