Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2007-3385

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

  • Published: Aug 15, 2007
  • Updated: Apr 13, 2023
  • CVE: CVE-2007-3385
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
apache / tomcat 4.1.2 4.1.2.x
apache / tomcat 4.1.36 4.1.36.x
apache / tomcat 4.1.9-beta 4.1.9-beta.x
apache / tomcat 5.5.18 5.5.18.x
apache / tomcat 5.0.8 5.0.8.x
apache / tomcat 5.0.19 5.0.19.x
apache / tomcat 6.0.6 6.0.6.x
apache / tomcat 6.0.11 6.0.11.x
apache / tomcat 5.5.12 5.5.12.x
apache / tomcat 5.0.14 5.0.14.x
apache / tomcat 5.5.14 5.5.14.x
apache / tomcat 4.1.24 4.1.24.x
apache / tomcat 5.5.10 5.5.10.x
apache / tomcat 5.0.22 5.0.22.x
apache / tomcat 5.5.4 5.5.4.x
apache / tomcat 5.5.7 5.5.7.x
apache / tomcat 5.5.1 5.5.1.x
apache / tomcat 5.0.7 5.0.7.x
apache / tomcat 6.0.7 6.0.7.x
apache / tomcat 5.5.11 5.5.11.x
apache / tomcat 6.0.4 6.0.4.x
apache / tomcat 5.5.6 5.5.6.x
apache / tomcat 5.0.9 5.0.9.x
apache / tomcat 5.0.15 5.0.15.x
apache / tomcat 3.3.2 3.3.2.x
apache / tomcat 5.0.30 5.0.30.x
apache / tomcat 5.5.20 5.5.20.x
apache / tomcat 5.5.15 5.5.15.x
apache / tomcat 5.0.23 5.0.23.x
apache / tomcat 5.0.2 5.0.2.x
apache / tomcat 5.5.5 5.5.5.x
apache / tomcat 5.0.10 5.0.10.x
apache / tomcat 5.0.21 5.0.21.x
apache / tomcat 5.0.26 5.0.26.x
apache / tomcat 5.5.21 5.5.21.x
apache / tomcat 5.5.22 5.5.22.x
apache / tomcat 6.0.10 6.0.10.x
apache / tomcat 6.0.3 6.0.3.x
apache / tomcat 5.0.0 5.0.0.x
apache / tomcat 5.0.6 5.0.6.x
apache / tomcat 6.0.9 6.0.9.x
apache / tomcat 4.1.31 4.1.31.x
apache / tomcat 5.5.3 5.5.3.x
apache / tomcat 5.0.27 5.0.27.x
apache / tomcat 5.0.16 5.0.16.x
apache / tomcat 5.5.9 5.5.9.x
apache / tomcat 5.0.18 5.0.18.x
apache / tomcat 6.0.0 6.0.0.x
apache / tomcat 3.3.1a 3.3.1a.x
apache / tomcat 5.5.2 5.5.2.x
apache / tomcat 5.0.5 5.0.5.x
apache / tomcat 5.0.28 5.0.28.x
apache / tomcat 5.0.29 5.0.29.x
apache / tomcat 5.5.0 5.5.0.x
apache / tomcat 4.1.1 4.1.1.x
apache / tomcat 5.5.13 5.5.13.x
apache / tomcat 6.0.1 6.0.1.x
apache / tomcat 6.0.12 6.0.12.x
apache / tomcat 5.5.24 5.5.24.x
apache / tomcat 4.1.28 4.1.28.x
apache / tomcat 5.0.13 5.0.13.x
apache / tomcat 4.1.15 4.1.15.x
apache / tomcat 4.1.3-beta 4.1.3-beta.x
apache / tomcat 4.1.10 4.1.10.x
apache / tomcat 5.5.8 5.5.8.x
apache / tomcat 5.0.17 5.0.17.x
apache / tomcat 5.5.16 5.5.16.x
apache / tomcat 4.1.0 4.1.0.x
apache / tomcat 6.0.5 6.0.5.x
apache / tomcat 5.5.17 5.5.17.x
apache / tomcat 4.1.3 4.1.3.x
apache / tomcat 5.5.19 5.5.19.x
apache / tomcat 5.0.4 5.0.4.x
apache / tomcat 6.0.2 6.0.2.x
apache / tomcat 5.0.25 5.0.25.x
apache / tomcat 6.0.13 6.0.13.x
apache / tomcat 5.0.1 5.0.1.x
apache / tomcat 3.3.1 3.3.1.x
apache / tomcat 5.0.11 5.0.11.x
apache / tomcat 5.5.23 5.5.23.x
apache / tomcat 5.0.3 5.0.3.x
apache / tomcat 5.0.24 5.0.24.x
apache / tomcat 3.3 3.3.x
apache / tomcat 6.0.8 6.0.8.x
apache / tomcat 5.0.12 5.0.12.x