JVN/CVE Demo: Nvdinfos

NVD

Id: 57409
Name: CVE-2007-5333
Description: Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
Reject
CVSS Version: 2
CVSS Score: 5
Severity: Medium
CVSS Base Score: 5
CVSS Impact Subscore: 2.9
CVSS Exploit Subscore: 10
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Pub Date: 2017-01-07
Published: 2008-02-11
Modified Date: 2014-03-15
Seq: 2007-5333

Actions

Related NVD References

Id	NVD Id	NVD No.	Reference	Actions
293321	57409	CVE-2007-5333	JVN#09470767	View
293322	57409	CVE-2007-5333	APPLE-SA-2008-06-30	View
293323	57409	CVE-2007-5333	APPLE-SA-2008-10-09	View
293324	57409	CVE-2007-5333	SUSE-SR:2009:004	View
293325	57409	CVE-2007-5333	HPSBST02955	View
293326	57409	CVE-2007-5333	oval:org.mitre.oval:def:11177	View
293327	57409	CVE-2007-5333	GLSA-200804-10	View
293328	57409	CVE-2007-5333	3636	View
293329	57409	CVE-2007-5333	http://support.apple.com/kb/HT2163	View
293330	57409	CVE-2007-5333	http://support.apple.com/kb/HT3216	View
293331	57409	CVE-2007-5333	http://tomcat.apache.org/security-4.html	View
293332	57409	CVE-2007-5333	http://tomcat.apache.org/security-5.html	View
293333	57409	CVE-2007-5333	http://tomcat.apache.org/security-6.html	View
293334	57409	CVE-2007-5333	http://www-01.ibm.com/support/docview.wss?uid=swg24018932	View
293335	57409	CVE-2007-5333	http://www-01.ibm.com/support/docview.wss?uid=swg27012047	View
293336	57409	CVE-2007-5333	http://www-01.ibm.com/support/docview.wss?uid=swg27012048	View
293337	57409	CVE-2007-5333	IZ20133	View
293338	57409	CVE-2007-5333	IZ20991	View
293339	57409	CVE-2007-5333	MDVSA-2009:018	View
293340	57409	CVE-2007-5333	MDVSA-2010:176	View
293341	57409	CVE-2007-5333	http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html	View
293342	57409	CVE-2007-5333	20080208 [SECURITY] CVE-2007-5333: Tomcat Cookie handling vulnerabilities	View
293343	57409	CVE-2007-5333	20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components	View
293344	57409	CVE-2007-5333	27706	View
293345	57409	CVE-2007-5333	31681	View
293346	57409	CVE-2007-5333	http://www.vmware.com/security/advisories/VMSA-2008-0010.html	View
293347	57409	CVE-2007-5333	http://www.vmware.com/security/advisories/VMSA-2009-0016.html	View
293348	57409	CVE-2007-5333	ADV-2008-0488	View
293349	57409	CVE-2007-5333	ADV-2008-1856	View
293350	57409	CVE-2007-5333	ADV-2008-1981	View
293351	57409	CVE-2007-5333	ADV-2008-2690	View
293352	57409	CVE-2007-5333	ADV-2008-2780	View
293353	57409	CVE-2007-5333	ADV-2009-3316	View
293354	57409	CVE-2007-5333	https://bugzilla.redhat.com/show_bug.cgi?id=532111	View
293355	57409	CVE-2007-5333	FEDORA-2008-1467	View
293356	57409	CVE-2007-5333	FEDORA-2008-1603	View

Related JVN

Id	Name	Title	Summary	Cveinfo Name	Cveinfo Id	Nvdinfo Name	Nvdinfo Id	Cvssv2	Cvssv3	Jvnurl	Published Date	Last Updated Date	Actions
45620	JVNDB-2008-000009	Apache Tomcat において不正な Cookie を送信される脆弱性	The Apache Software Foundation が提供する Apache Tomcat には、不正な Cookie を送信される脆弱性が存在します。	CVE-2007-5333	28688	CVE-2007-5333	57409	4.3		http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000009.html	2008-02-12	2015-03-05	View

Message	Memory use
Component initialization	1.38 MB
Controller action start	1.49 MB
Controller render start	2.33 MB
View render complete	23.19 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	4.05
Event: Controller.initialize	0.02
Event: Controller.startup	0.07
Controller action	275.84
Event: Controller.beforeRender	5.17
» Processing toolbar data	5.07
Rendering View	905.18
» Event: View.beforeRender	0.02
» Rendering APP/View/Nvdinfos/view.ctp	875.76
» Event: View.afterRender	0.04
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	18.83
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	5.88
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/nvdinfos/view/57409
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/nvdinfos/view/57409
Remote Port	29024
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.148
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.78.197
Http Via	1.1 squid-proxy-5b5d847c96-v2jzj (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	216.73.216.148
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.148
Unique Id	aFxVbf9jLvNmkfOVX5UJDwAAAMQ
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	216.73.216.148
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.148
Redirect Unique Id	aFxVbf9jLvNmkfOVX5UJDwAAAMQ
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	216.73.216.148
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.148
Redirect Redirect Unique Id	aFxVbf9jLvNmkfOVX5UJDwAAAMQ
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1750881645.9359
Request Time	1750881645

NVD

Actions

Related NVD References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files