Vulnerability & Exploit Database

Apache Tomcat Cookie Handling Session ID Disclosure Vulnerability (CVE-2007-5333)

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: February 10, 2008
Added: June 17, 2008
Modified: February 12, 2015

Description

Certain versions of Apache Tomcat fail to properly handle double quote characters or %5C sequences in a cookie value. This vulnerability may be used to enable session hijacking attacks via leaked session IDs.

Solution

tomcat-4x-upgrade-4_1_37
