CVSS: 5.0EPSS: 15%CPEs: 3EXPL: 2CVE-2007-5333 – Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
https://notcve.org/view.php?id=CVE-2007-5333
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385. Apache Tomcat 6.0.0 hasta 6.0.14, 5.5.0 hasta 5.5.25, 4.1.36 y 4.1.0 al no manejar adecuadamente secuencias (1) caracteres de dobles comillas (") o (2) secuencias de contrabarra codificadas %5C en un valor de cookie, podría provocar que información sensible como los IDs de sesión sean filtradas a atacantes remotos, así como habilitar ataques de secuestro de sesión. NOTA: este problema existe debido a una arreglo erroneo de CVE-2007-3385. • https://www.exploit-db.com/exploits/31130 http://jvn.jp/jp/JVN%2309470767/index.html http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://secunia.com/advisories/28878 http://secunia.com/advisories/28884 http://secunia.com/advisories/28915 http://se • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0128 – tomcat5 SSO cookie login information disclosure
https://notcve.org/view.php?id=CVE-2008-0128
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. El valor SingleSignOn (org.apache.catalina.authenticator.SingleSignOn) en Apache Tomcat anterior a 5.5.21 no asigna la bandera segura para la cookie JSESSIONIDSSO en una sesión http, haciéndolo más fácil para atacantes remotos para capturar esta cookie. • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://issues.apache.org/bugzilla/show_bug.cgi?id=41217 http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://rhn.redhat.com/errata/RHSA-2008-0630.html http://secunia.com/advisories/28549 http://secunia.com/advisories/28552 http://secunia.com/advisories/29242 http://secunia.com/advisories/31493 http://secunia.com/advisories/33668 http://security-tracker.debian.net/tracker/CVE- • CWE-16: Configuration •
CVSS: 3.5EPSS: 1%CPEs: 44EXPL: 3CVE-2007-5461 – Apache Tomcat - WebDAV SSL Remote File Disclosure
https://notcve.org/view.php?id=CVE-2007-5461
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. Vulnerabilidad de salto de ruta absoluta en Apache Tomcat 4.0.0 hasta la versión 4.0.6, 4.1.0, 5.0.0, 5.5.0 hasta la versión 5.5.25 y 6.0.0 hasta la versión 6.0.14, bajo determinadas configuraciones, permite a usuarios remotos autenticados leer archivos arbitrarios a través de una petición de escritura WebDAV que especifica una entidad con una etiqueta SYSTEM. • https://www.exploit-db.com/exploits/4552 https://www.exploit-db.com/exploits/4530 http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html http://issues.apache.org/jira/browse/GERONIMO-3549 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://lists.opensuse.org/opensuse-s • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 4%CPEs: 85EXPL: 0CVE-2007-3385 – tomcat handling of cookie values
https://notcve.org/view.php?id=CVE-2007-3385
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. Apache Tomcat 6.0.0 hasta 6.0.13, 5.5.0 hasta 5.5.24, 5.0.0 hasta 5.0.30, 4.1.0 hasta 4.1.36, y 3.3 hasta 3.3.2 no trata adecuadamente la secuencia de caracteres \" en un valor de cookie, lo cual podría provocar que información sensible como los IDs de sesión sean filtradas a atacantes remotos, así como habilitar ataques de secuestro de sesión. • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/26466 http:/&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 8%CPEs: 85EXPL: 1CVE-2007-3382 – Apache Tomcat 6.0.13 - Insecure Cookie Handling Quote Delimiter Session ID Disclosure
https://notcve.org/view.php?id=CVE-2007-3382
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks. Apache Tomcat 6.0.0 hasta 6.0.13, 5.5.0 hasta 5.5.24, 5.0.0 hasta 5.0.30, 4.1.0 hasta 4.1.36, y 3.3 hasta 3.3.2 trata las comillas simples ("'") como delimitadores en las cookies, lo cual podría provocar que información sensible como los identificadores de sesión se filtre y permita a atacantes remotos llevar a cabo ataques de secuestro de sesión. • https://www.exploit-db.com/exploits/30496 http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html htt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •