jvndb-2008-000009
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2010-01-05 12:14
Severity ?
() - -
Summary
Apache Tomcat fails to properly handle cookie value
Details
Apache Tomcat from the Apache Software Foundation contains a vulnerability that could allow a remote attacker to coerce a crafted cookie to a user's web browser. Apache Tomcat from the Apache Software Foundation is a web container that implements both Java Servlets and JavaServer Pages. The developer reports that this issue exists because of an incomplete fix for CVE-2007-3385.
References
JVN http://jvn.jp/en/jp/JVN09470767/index.html
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333
NVD http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5333
SNSDB http://www.lac.co.jp/business/sns/intelligence/SNSadvisory/97.html
SECUNIA http://secunia.com/advisories/28878
BID http://www.securityfocus.com/bid/27706
FRSIRT http://www.frsirt.com/english/advisories/2008/0488
Information Exposure(CWE-200) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
Apache Software FoundationApache Tomcat
Trend Micro, Inc.TrendMicro InterScan Messaging Security Appliance
Trend Micro, Inc.InterScan Messaging Security Suite
Trend Micro, Inc.TrendMicro InterScan Web Security Appliance
Trend Micro, Inc.TrendMicro InterScan Web Security Suite
VMwareVMware ESX
VMwareVMware Server
VMwareVMware vCenter
VMwareVMware VirtualCenter
Apple Inc.Apple Mac OS X
Apple Inc.Apple Mac OS X Server
Cybertrust Japan Co., Ltd.Asianux Server
Red Hat, Inc.Red Hat Enterprise Linux
Red Hat, Inc.Red Hat Enterprise Linux Desktop
Red Hat, Inc.Red Hat Enterprise Linux EUS
Red Hat, Inc.RHEL Desktop Workstation
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000009.html",
  "dc:date": "2010-01-05T12:14+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2010-01-05T12:14+09:00",
  "description": "Apache Tomcat from the Apache Software Foundation contains a vulnerability that could allow a remote attacker to coerce a crafted cookie to a user\u0027s web browser.\r\n\r\nApache Tomcat from the Apache Software Foundation is a web container that implements both Java Servlets and JavaServer Pages.\r\n\r\nThe developer reports that this issue exists because of an incomplete fix for CVE-2007-3385.",
  "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000009.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:tomcat",
      "@product": "Apache Tomcat",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:interscan_messaging_security_appliance",
      "@product": "TrendMicro InterScan Messaging Security Appliance",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:interscan_messaging_security_suite",
      "@product": "InterScan Messaging Security Suite",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:interscan_web_security_appliance",
      "@product": "TrendMicro InterScan Web Security Appliance",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:interscan_web_security_suite",
      "@product": "TrendMicro InterScan Web Security Suite",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:vmware:esx",
      "@product": "VMware ESX",
      "@vendor": "VMware",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:vmware:server",
      "@product": "VMware Server",
      "@vendor": "VMware",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:vmware:vcenter",
      "@product": "VMware vCenter",
      "@vendor": "VMware",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:vmware:virtualcenter",
      "@product": "VMware VirtualCenter",
      "@vendor": "VMware",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x",
      "@product": "Apple Mac OS X",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x_server",
      "@product": "Apple Mac OS X Server",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_eus",
      "@product": "Red Hat Enterprise Linux EUS",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:rhel_desktop_workstation",
      "@product": "RHEL Desktop Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2008-000009",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN09470767/index.html",
      "@id": "JVN#09470767",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333",
      "@id": "CVE-2007-5333",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5333",
      "@id": "CVE-2007-5333",
      "@source": "NVD"
    },
    {
      "#text": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory/97.html",
      "@id": "SNS Advisory No.97",
      "@source": "SNSDB"
    },
    {
      "#text": "http://secunia.com/advisories/28878",
      "@id": "SA28878",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/27706",
      "@id": "27706",
      "@source": "BID"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2008/0488",
      "@id": "FrSIRT/ADV-2008-0488",
      "@source": "FRSIRT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    }
  ],
  "title": "Apache Tomcat fails to properly handle cookie value"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.