ByteOS Network

NVD Vulnerability Details :

CVE-2007-3382

Modified

Source-secalert@redhat.com

Published At-14 Aug, 2007 | 22:17

Updated At-23 Apr, 2026 | 00:35

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:N/A:N

Hyperlink	Source	Resource
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx	secalert@redhat.com	N/A
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	secalert@redhat.com	N/A
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554	secalert@redhat.com	N/A
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html	secalert@redhat.com	N/A
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html	secalert@redhat.com	N/A
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html	secalert@redhat.com	N/A
http://secunia.com/advisories/26466	secalert@redhat.com	N/A
http://secunia.com/advisories/26898	secalert@redhat.com	N/A
http://secunia.com/advisories/27037	secalert@redhat.com	N/A
http://secunia.com/advisories/27267	secalert@redhat.com	N/A
http://secunia.com/advisories/27727	secalert@redhat.com	N/A
http://secunia.com/advisories/28317	secalert@redhat.com	N/A
http://secunia.com/advisories/28361	secalert@redhat.com	N/A
http://secunia.com/advisories/29242	secalert@redhat.com	N/A
http://secunia.com/advisories/30802	secalert@redhat.com	N/A
http://secunia.com/advisories/33668	secalert@redhat.com	N/A
http://secunia.com/advisories/36486	secalert@redhat.com	N/A
http://securitytracker.com/id?1018556	secalert@redhat.com	N/A
http://support.apple.com/kb/HT2163	secalert@redhat.com	N/A
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540	secalert@redhat.com	N/A
http://tomcat.apache.org/security-6.html	secalert@redhat.com	Patch
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562	secalert@redhat.com	N/A
http://www.debian.org/security/2008/dsa-1447	secalert@redhat.com	N/A
http://www.debian.org/security/2008/dsa-1453	secalert@redhat.com	N/A
http://www.kb.cert.org/vuls/id/993544	secalert@redhat.com	Patch US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241	secalert@redhat.com	N/A
http://www.redhat.com/support/errata/RHSA-2007-0871.html	secalert@redhat.com	N/A
http://www.redhat.com/support/errata/RHSA-2007-0950.html	secalert@redhat.com	N/A
http://www.redhat.com/support/errata/RHSA-2008-0195.html	secalert@redhat.com	N/A
http://www.redhat.com/support/errata/RHSA-2008-0261.html	secalert@redhat.com	N/A
http://www.securityfocus.com/archive/1/476442/100/0/threaded	secalert@redhat.com	N/A
http://www.securityfocus.com/archive/1/476466/100/0/threaded	secalert@redhat.com	N/A
http://www.securityfocus.com/archive/1/500396/100/0/threaded	secalert@redhat.com	N/A
http://www.securityfocus.com/archive/1/500412/100/0/threaded	secalert@redhat.com	N/A
http://www.securityfocus.com/bid/25316	secalert@redhat.com	N/A
http://www.vupen.com/english/advisories/2007/2902	secalert@redhat.com	N/A
http://www.vupen.com/english/advisories/2007/3386	secalert@redhat.com	N/A
http://www.vupen.com/english/advisories/2007/3527	secalert@redhat.com	N/A
http://www.vupen.com/english/advisories/2008/1981/references	secalert@redhat.com	N/A
http://www.vupen.com/english/advisories/2009/0233	secalert@redhat.com	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/36006	secalert@redhat.com	N/A
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E	secalert@redhat.com	N/A
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E	secalert@redhat.com	N/A
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E	secalert@redhat.com	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11269	secalert@redhat.com	N/A
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html	secalert@redhat.com	N/A
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx	af854a3a-2127-422b-91ae-364da2661108	N/A
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	af854a3a-2127-422b-91ae-364da2661108	N/A
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/26466	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/26898	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/27037	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/27267	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/27727	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/28317	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/28361	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/29242	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/30802	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/33668	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/36486	af854a3a-2127-422b-91ae-364da2661108	N/A
http://securitytracker.com/id?1018556	af854a3a-2127-422b-91ae-364da2661108	N/A
http://support.apple.com/kb/HT2163	af854a3a-2127-422b-91ae-364da2661108	N/A
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540	af854a3a-2127-422b-91ae-364da2661108	N/A
http://tomcat.apache.org/security-6.html	af854a3a-2127-422b-91ae-364da2661108	Patch
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.debian.org/security/2008/dsa-1447	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.debian.org/security/2008/dsa-1453	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.kb.cert.org/vuls/id/993544	af854a3a-2127-422b-91ae-364da2661108	Patch US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.redhat.com/support/errata/RHSA-2007-0871.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.redhat.com/support/errata/RHSA-2007-0950.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.redhat.com/support/errata/RHSA-2008-0195.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.redhat.com/support/errata/RHSA-2008-0261.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/476442/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/476466/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/500396/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/500412/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/25316	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2007/2902	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2007/3386	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2007/3527	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2008/1981/references	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2009/0233	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/36006	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11269	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html	af854a3a-2127-422b-91ae-364da2661108	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History