← volver
CVE-2007-5333

CVE-2007-5333

EPSS 62.6%
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
Productos afectados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/31130no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://jvn.jp/jp/JVN%2309470767/index.htmlhttp://lists.apple.com/archives/security-announce/2008//Jun/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://marc.info/?l=bugtraq&m=139344343412337&w=2https://bugzilla.redhat.com/show_bug.cgi?id=532111http://secunia.com/advisories/28878http://secunia.com/advisories/28884http://secunia.com/advisories/28915http://secunia.com/advisories/29711http://secunia.com/advisories/30676http://secunia.com/advisories/30802