CVE
- Id: 28690
- CVE No.: CVE-2007-5333
- Status: Candidate
- Description: Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
- Phase: Assigned (20071010)
- Votes: None (candidate not yet proposed)
- Comments
Related CVE References
Id | CVE Id | CVE No. | Reference | Actions |
---|---|---|---|---|
299024 | 28690 | CVE-2007-5333 | BUGTRAQ:20080208 [SECURITY] CVE-2007-5333: Tomcat Cookie handling vulnerabilities | View |
299025 | 28690 | CVE-2007-5333 | URL:http://www.securityfocus.com/archive/1/archive/1/487822/100/0/threaded | View |
299026 | 28690 | CVE-2007-5333 | BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components | View |
299027 | 28690 | CVE-2007-5333 | URL:http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded | View |
299028 | 28690 | CVE-2007-5333 | CONFIRM:http://tomcat.apache.org/security-4.html | View |
299029 | 28690 | CVE-2007-5333 | CONFIRM:http://tomcat.apache.org/security-5.html | View |
299030 | 28690 | CVE-2007-5333 | CONFIRM:http://tomcat.apache.org/security-6.html | View |
299031 | 28690 | CVE-2007-5333 | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2008-0010.html | View |
299032 | 28690 | CVE-2007-5333 | CONFIRM:http://support.apple.com/kb/HT2163 | View |
299033 | 28690 | CVE-2007-5333 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg24018932 | View |
299034 | 28690 | CVE-2007-5333 | CONFIRM:http://support.apple.com/kb/HT3216 | View |
299035 | 28690 | CVE-2007-5333 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg27012047 | View |
299036 | 28690 | CVE-2007-5333 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg27012048 | View |
299037 | 28690 | CVE-2007-5333 | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html | View |
299038 | 28690 | CVE-2007-5333 | CONFIRM:http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html | View |
299039 | 28690 | CVE-2007-5333 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=532111 | View |
299040 | 28690 | CVE-2007-5333 | AIXAPAR:IZ20991 | View |
299041 | 28690 | CVE-2007-5333 | URL:http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20991 | View |
299042 | 28690 | CVE-2007-5333 | AIXAPAR:IZ20133 | View |
299043 | 28690 | CVE-2007-5333 | URL:http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20133 | View |
299044 | 28690 | CVE-2007-5333 | APPLE:APPLE-SA-2008-06-30 | View |
299045 | 28690 | CVE-2007-5333 | URL:http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html | View |
299046 | 28690 | CVE-2007-5333 | APPLE:APPLE-SA-2008-10-09 | View |
299047 | 28690 | CVE-2007-5333 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | View |
299048 | 28690 | CVE-2007-5333 | FEDORA:FEDORA-2008-1467 | View |
299049 | 28690 | CVE-2007-5333 | URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html | View |
299050 | 28690 | CVE-2007-5333 | FEDORA:FEDORA-2008-1603 | View |
299051 | 28690 | CVE-2007-5333 | URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html | View |
299052 | 28690 | CVE-2007-5333 | GENTOO:GLSA-200804-10 | View |
299053 | 28690 | CVE-2007-5333 | URL:http://security.gentoo.org/glsa/glsa-200804-10.xml | View |
299054 | 28690 | CVE-2007-5333 | HP:HPSBST02955 | View |
299055 | 28690 | CVE-2007-5333 | URL:http://marc.info/?l=bugtraq&m=139344343412337&w=2 | View |
299056 | 28690 | CVE-2007-5333 | MANDRIVA:MDVSA-2009:018 | View |
299057 | 28690 | CVE-2007-5333 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:018 | View |
299058 | 28690 | CVE-2007-5333 | MANDRIVA:MDVSA-2010:176 | View |
299059 | 28690 | CVE-2007-5333 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:176 | View |
299060 | 28690 | CVE-2007-5333 | SUSE:SUSE-SR:2009:004 | View |
299061 | 28690 | CVE-2007-5333 | URL:http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | View |
299062 | 28690 | CVE-2007-5333 | JVN:JVN#09470767 | View |
299063 | 28690 | CVE-2007-5333 | URL:http://jvn.jp/jp/JVN%2309470767/index.html | View |
299064 | 28690 | CVE-2007-5333 | BID:27706 | View |
299065 | 28690 | CVE-2007-5333 | URL:http://www.securityfocus.com/bid/27706 | View |
299066 | 28690 | CVE-2007-5333 | BID:31681 | View |
299067 | 28690 | CVE-2007-5333 | URL:http://www.securityfocus.com/bid/31681 | View |
299068 | 28690 | CVE-2007-5333 | OVAL:oval:org.mitre.oval:def:11177 | View |
299069 | 28690 | CVE-2007-5333 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11177 | View |
299070 | 28690 | CVE-2007-5333 | SECUNIA:37460 | View |
299071 | 28690 | CVE-2007-5333 | URL:http://secunia.com/advisories/37460 | View |
299072 | 28690 | CVE-2007-5333 | SECUNIA:44183 | View |
299073 | 28690 | CVE-2007-5333 | URL:http://secunia.com/advisories/44183 | View |
299074 | 28690 | CVE-2007-5333 | SECUNIA:57126 | View |
299075 | 28690 | CVE-2007-5333 | URL:http://secunia.com/advisories/57126 | View |
299076 | 28690 | CVE-2007-5333 | VUPEN:ADV-2008-0488 | View |
299077 | 28690 | CVE-2007-5333 | URL:http://www.vupen.com/english/advisories/2008/0488 | View |
299078 | 28690 | CVE-2007-5333 | VUPEN:ADV-2008-1856 | View |
299079 | 28690 | CVE-2007-5333 | URL:http://www.vupen.com/english/advisories/2008/1856/references | View |
299080 | 28690 | CVE-2007-5333 | VUPEN:ADV-2008-1981 | View |
299081 | 28690 | CVE-2007-5333 | URL:http://www.vupen.com/english/advisories/2008/1981/references | View |
299082 | 28690 | CVE-2007-5333 | VUPEN:ADV-2008-2780 | View |
299083 | 28690 | CVE-2007-5333 | URL:http://www.vupen.com/english/advisories/2008/2780 | View |
299084 | 28690 | CVE-2007-5333 | VUPEN:ADV-2008-2690 | View |
299085 | 28690 | CVE-2007-5333 | URL:http://www.vupen.com/english/advisories/2008/2690 | View |
299086 | 28690 | CVE-2007-5333 | SECUNIA:28878 | View |
299087 | 28690 | CVE-2007-5333 | URL:http://secunia.com/advisories/28878 | View |
299088 | 28690 | CVE-2007-5333 | SECUNIA:28884 | View |
299089 | 28690 | CVE-2007-5333 | URL:http://secunia.com/advisories/28884 | View |
299090 | 28690 | CVE-2007-5333 | SECUNIA:28915 | View |
299091 | 28690 | CVE-2007-5333 | URL:http://secunia.com/advisories/28915 | View |
299092 | 28690 | CVE-2007-5333 | SECUNIA:29711 | View |
299093 | 28690 | CVE-2007-5333 | URL:http://secunia.com/advisories/29711 | View |
299094 | 28690 | CVE-2007-5333 | SECUNIA:30676 | View |
299095 | 28690 | CVE-2007-5333 | URL:http://secunia.com/advisories/30676 | View |
299096 | 28690 | CVE-2007-5333 | SECUNIA:30802 | View |
299097 | 28690 | CVE-2007-5333 | URL:http://secunia.com/advisories/30802 | View |
299098 | 28690 | CVE-2007-5333 | SECUNIA:32036 | View |
299099 | 28690 | CVE-2007-5333 | URL:http://secunia.com/advisories/32036 | View |
299100 | 28690 | CVE-2007-5333 | SECUNIA:32222 | View |
299101 | 28690 | CVE-2007-5333 | URL:http://secunia.com/advisories/32222 | View |
299102 | 28690 | CVE-2007-5333 | SECUNIA:33330 | View |
299103 | 28690 | CVE-2007-5333 | URL:http://secunia.com/advisories/33330 | View |
299104 | 28690 | CVE-2007-5333 | SREASON:3636 | View |
299105 | 28690 | CVE-2007-5333 | URL:http://securityreason.com/securityalert/3636 | View |
299106 | 28690 | CVE-2007-5333 | VUPEN:ADV-2009-3316 | View |
Related JVN
Id | JVN No. | Title | Summary | CVE No. | CVE Id | CVSS_v2 | CVSS_v3 | JVN URL | Actions |
---|---|---|---|---|---|---|---|---|---|
55802 | JVNDB-2007-004494 | Vulnerability in Mozilla Firefox that allows sensitive system information to be obtained | Mozilla Firefox contains a vulnerability that allows sensitive system information to be obtained. | CVE-2007-5335 | 28690 | 4.3 | | http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-004494.html | View |