Marc Schoenefeld [21/Aug/07 04:58 AM]
This issue is rated "LOW" by the Tomcat security team; it is fixed in version 6.0.14.
If possible, Tomcat 6 should be upgraded.
low: Session hi-jacking CVE-2007-3382
Tomcat incorrectly treated a single quote character (') in a cookie value as a delimiter. In some circumstances this led to the leaking of information such as session ID to an attacker.
Affects: 6.0.0-6.0.13
low: Session hi-jacking CVE-2007-3385
Tomcat incorrectly handled the character sequence \" in a cookie value. In some circumstances this led to the leaking of information such as session ID to an attacker.
Affects: 6.0.0-6.0.13
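
A simplified model of the single-quote problem described for CVE-2007-3382, added here as an illustration (it is not Tomcat's code and not part of the comment above). The parser, its `quote_chars` parameter and the sample header are constructed, and it assumes "delimiter" means a quoted-value delimiter: once `'` is accepted as one, a cookie value can absorb the cookies that follow it, session ID included.

```python
def parse_cookie_header(header, quote_chars='"'):
    """Split a Cookie header into {name: value}.

    quote_chars is a hypothetical knob: the characters accepted as opening
    and closing a quoted value. Only the double quote is a quoted-string
    delimiter in the cookie syntax; adding "'" models the flaw.
    """
    cookies = {}
    i, n = 0, len(header)
    while i < n:
        while i < n and header[i] in "; \t":      # skip separators
            i += 1
        eq = header.find("=", i)
        if eq == -1:                               # no further name=value pair
            break
        name = header[i:eq].strip()
        i = eq + 1
        if i < n and header[i] in quote_chars:     # quoted value
            quote = header[i]
            i += 1
            buf = []
            while i < n and header[i] != quote:
                if header[i] == "\\" and i + 1 < n:
                    i += 1                         # backslash escapes next char
                buf.append(header[i])
                i += 1
            i += 1                                 # step past the closing quote
            value = "".join(buf)
        else:                                      # unquoted value ends at ';'
            end = header.find(";", i)
            end = n if end == -1 else end
            value = header[i:end].strip()
            i = end
        cookies[name] = value
    return cookies

# Constructed sample header; the session ID is a placeholder value.
SAMPLE = "pref='dark; JSESSIONID=CONSTRUCTED0123; theme=x'"

if __name__ == "__main__":
    print("double quote only :", parse_cookie_header(SAMPLE))
    print("single quote too  :", parse_cookie_header(SAMPLE, quote_chars="\"'"))
```

With the single quote accepted, `pref` carries the whole `JSESSIONID=...` pair, so any code that echoes or logs that cookie's value exposes the session ID.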