Oval Definition:	oval:org.mitre.oval:def:11177
Revision Date: 2013-04-29 Version: 12 Title: Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385. Description: Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2007-5333 Platform(s): CentOS Linux 5 Oracle Linux 5 Red Hat Enterprise Linux 5 Product(s): Definition Synopsis RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 OR The operating system installed on the system is CentOS Linux 5.x OR Oracle Linux 5.x AND Configuration section tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5-webapps is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5 is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5-jasper is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5-server-lib is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5-common-lib is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.7.el5_3.2
BACK