
tomcat: multiple vulnerabilities

Package(s): tomcat
CVE #(s): CVE-2007-3382, CVE-2007-3385, CVE-2007-3386
Created: September 26, 2007
Updated: September 13, 2010
Description: Tomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382).

It was reported that Tomcat did not properly handle the following character sequence in a cookie: \" (a backslash followed by a double quote). Remote attackers could possibly use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385).

A cross-site scripting (XSS) vulnerability existed in the Host Manager Servlet. This allowed remote attackers to inject arbitrary HTML and web script via crafted requests (CVE-2007-3386).
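The cookie-delimiter problem described above, as an added example (not Tomcat's or LWN's code): a small Cookie-header parser whose quote_chars parameter reproduces the single-quote defect of CVE-2007-3382 beside the corrected setting, and a check that flags any cookie value that has swallowed the session cookie. Backslash handling inside a quoted value follows the generic quoted-string escape rule and is not a model of the CVE-2007-3385 defect; the header and cookie names are constructed.

```python
# Added example; the parser and the sample header are constructed, not Tomcat's.
def parse_cookies(header, quote_chars='"'):
    """Parse a Cookie header into {name: value}; quote_chars lists the
    characters that open a quoted value (backslash escapes inside it)."""
    cookies, i, n = {}, 0, len(header)
    while i < n:
        while i < n and header[i] in " ;":        # skip separators
            i += 1
        eq = header.find("=", i)
        if eq == -1:                              # no more name=value pairs
            break
        name = header[i:eq].strip()
        i = eq + 1
        if i < n and header[i] in quote_chars:    # quoted value
            q, i, buf = header[i], i + 1, []
            while i < n and header[i] != q:
                if header[i] == "\\" and i + 1 < n:
                    i += 1                        # keep the escaped character
                buf.append(header[i])
                i += 1
            value, i = "".join(buf), i + 1
        else:                                     # bare value up to next ';'
            end = header.find(";", i)
            end = n if end == -1 else end
            value, i = header[i:end].strip(), end
        cookies[name] = value
    return cookies

def parse_vulnerable(header):
    """Pre-fix behaviour the advisory describes: ' also opens a quoted value."""
    return parse_cookies(header, quote_chars="'\"")

def parse_fixed(header):
    """Only a double quote opens a quoted value; ' is an ordinary character."""
    return parse_cookies(header, quote_chars='"')

def leaked_into(cookies, session_cookie="JSESSIONID"):
    """Names of cookies whose value swallowed the session cookie's name=value."""
    return [n for n, v in cookies.items()
            if n != session_cookie and session_cookie + "=" in v]

# Constructed header: an application cookie whose value starts with a single
# quote precedes the session cookie, the situation the advisory describes.
SAMPLE = "pref='; JSESSIONID=ABCDEF0123; tail='"

if __name__ == "__main__":
    print(leaked_into(parse_vulnerable(SAMPLE)))   # ['pref']
    print(leaked_into(parse_fixed(SAMPLE)))        # []
```

With the vulnerable setting the value of `pref` runs up to the closing single quote and contains the whole `JSESSIONID=...` pair, so any application that echoes `pref` back exposes the session ID; with the fixed setting the three cookies are parsed separately.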

Alerts:
Mandriva MDVSA-2010:176 tomcat5 2010-09-12
SuSE SUSE-SR:2009:004 apache, audacity, dovecot, libtiff-devel, libvirt, mediawiki, netatalk, novell-ipsec-tools, opensc, perl, phpPgAdmin, sbl, sblim-sfcb, squirrelmail, swfdec, tomcat5, virtualbox, websphere-as_ce, wine, xine-devel 2009-02-17
Fedora FEDORA-2008-8130 tomcat5 2008-09-16
Red Hat RHSA-2008:0195-01 tomcat 2008-04-28
SuSE SUSE-SR:2008:005 acroread, asterisk, cacti, compat-openssl097g, icu, libcdio, wireshark/ethereal, Jakarta, perl-tk 2008-03-06
Fedora FEDORA-2008-1603 tomcat5 2008-02-13
Fedora FEDORA-2008-1467 tomcat5 2008-02-13
Debian DSA-1447-1 tomcat5.5 2008-01-03
Mandriva MDKSA-2007:241 tomcat5 2007-12-10
Fedora FEDORA-2007-3456 tomcat5 2007-11-17
Fedora FEDORA-2007-3474 tomcat5 2007-11-17
Red Hat RHSA-2007:0950-01 jboss 2007-11-05
Red Hat RHSA-2007:0876-01 tomcat 2007-10-11
Red Hat RHSA-2007:0871-01 tomcat 2007-09-26



Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds