Vulnerability & Exploit Database

Back to search

Apache Tomcat Cookie Handling Session ID Disclosure Vulnerability (CVE-2007-5333)

Severity CVSS Published Added Modified
5 (AV:N/AC:L/Au:N/C:P/I:N/A:N) February 11, 2008 June 18, 2008 February 13, 2015

Description

Certain versions of Tomcat Apache fail to properly handle double qoute characters or %5C sequences in a cookie value. This vulnerability may be used to enable session hijack attacks via leaked session IDs.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

tomcat-4x-upgrade-4_1_37

Related Vulnerabilities