csaf_redhat - rhsa-2007

rhsa-2007_1069

Vulnerability from csaf_redhat

Published

2007-11-26 13:56

Modified

2024-09-15 16:53

Summary

Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server

Notes

Topic

Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Details

Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. It was reported Tomcat did not properly handle the following character sequence in a cookie: \" (a backslash followed by a double-quote). It was possible remote attackers could use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385). Tomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382). The default Tomcat configuration permitted the use of insecure SSL cipher suites including the anonymous cipher suite. (CVE-2007-1858) Tomcat permitted various characters as path delimiters. If Tomcat was used behind certain proxies and configured to only proxy some contexts, an attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content. (CVE-2007-0450) Directory listings were enabled by default in Tomcat. Information stored unprotected under the document root was visible to anyone if the administrator did not disable directory listings. (CVE-2006-3835) It was found that generating listings of large directories was CPU intensive. An attacker could make repeated requests to obtain a directory listing of any large directory, leading to a denial of service. (CVE-2005-3510) Tomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. (CVE-2005-2090) Users should upgrade to these erratum packages which contain an update to Tomcat that resolves these issues, and add the tyrex and jakarta-commons-pool packages which are required dependencies of the new Tomcat version.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated tomcat packages that fix multiple security issues are now available\nfor Red Hat Network Satellite Server. \n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Tomcat is a servlet container for Java Servlet and JavaServer Pages\ntechnologies.\n\nIt was reported Tomcat did not properly handle the following character\nsequence in a cookie: \\\" (a backslash followed by a double-quote). It was\npossible remote attackers could use this failure to obtain sensitive\ninformation, such as session IDs, for session hijacking attacks\n(CVE-2007-3385). \n\nTomcat was found treating single quote characters -- \u0027 -- as delimiters in\ncookies. This could allow remote attackers to obtain sensitive information,\nsuch as session IDs, for session hijacking attacks (CVE-2007-3382).\n\nThe default Tomcat configuration permitted the use of insecure\nSSL cipher suites including the anonymous cipher suite. (CVE-2007-1858)\n\nTomcat permitted various characters as path delimiters. If Tomcat was used\nbehind certain proxies and configured to only proxy some contexts, an\nattacker could construct an HTTP request to work around the context\nrestriction and potentially access non-proxied content. (CVE-2007-0450)\n\nDirectory listings were enabled by default in Tomcat. Information stored\nunprotected under the document root was visible to anyone if the\nadministrator did not disable directory listings. (CVE-2006-3835)\n\nIt was found that generating listings of large directories was CPU\nintensive. An attacker could make repeated requests to obtain a directory\nlisting of any large directory, leading to a denial of service.\n(CVE-2005-3510) \n\nTomcat was found to accept multiple content-length headers in a\nrequest. This could allow attackers to poison a web-cache, bypass web\napplication firewall protection, or conduct cross-site scripting attacks.\n(CVE-2005-2090)\n\nUsers should upgrade to these erratum packages which contain an update to\nTomcat that resolves these issues, and add the tyrex and\njakarta-commons-pool packages which are required dependencies of the new\nTomcat version.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2007:1069",
        "url": "https://access.redhat.com/errata/RHSA-2007:1069"
      },
      {
        "category": "external",
        "summary": "http://tomcat.apache.org/security-5.html",
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#moderate",
        "url": "http://www.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "237079",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
      },
      {
        "category": "external",
        "summary": "237080",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
      },
      {
        "category": "external",
        "summary": "237083",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237083"
      },
      {
        "category": "external",
        "summary": "237084",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
      },
      {
        "category": "external",
        "summary": "237085",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
      },
      {
        "category": "external",
        "summary": "247972",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
      },
      {
        "category": "external",
        "summary": "247976",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2007/rhsa-2007_1069.json"
      }
    ],
    "title": "Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server",
    "tracking": {
      "current_release_date": "2024-09-15T16:53:56+00:00",
      "generator": {
        "date": "2024-09-15T16:53:56+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2007:1069",
      "initial_release_date": "2007-11-26T13:56:00+00:00",
      "revision_history": [
        {
          "date": "2007-11-26T13:56:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2007-11-26T08:56:32+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-15T16:53:56+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Satellite v 4.2 (RHEL v.4 AS)",
                "product": {
                  "name": "Red Hat Satellite v 4.2 (RHEL v.4 AS)",
                  "product_id": "4AS-RHNSAT4.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:4.2::el4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Satellite 5.0 (RHEL v.4 AS)",
                "product": {
                  "name": "Red Hat Satellite 5.0 (RHEL v.4 AS)",
                  "product_id": "4AS-RHNSAT5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:5.0:el4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Satellite v 4.0 (RHEL v.4 AS)",
                "product": {
                  "name": "Red Hat Satellite v 4.0 (RHEL v.4 AS)",
                  "product_id": "4AS-RHNSAT4.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:4.0::el4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Satellite v 4.2 (RHEL v.3 AS)",
                "product": {
                  "name": "Red Hat Satellite v 4.2 (RHEL v.3 AS)",
                  "product_id": "3AS-RHNSAT4.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:4.2::el3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Satellite v 4.0 (RHEL v.3 AS)",
                "product": {
                  "name": "Red Hat Satellite v 4.0 (RHEL v.3 AS)",
                  "product_id": "3AS-RHNSAT4.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:4.0::el3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Satellite v 4.1 (RHEL v.4 AS)",
                "product": {
                  "name": "Red Hat Satellite v 4.1 (RHEL v.4 AS)",
                  "product_id": "4AS-RHNSAT4.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:4.1::el4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Satellite v 4.1 (RHEL v.3 AS)",
                "product": {
                  "name": "Red Hat Satellite v 4.1 (RHEL v.3 AS)",
                  "product_id": "3AS-RHNSAT4.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:4.1::el3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Satellite"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-0:5.0.30-0jpp_6rh.noarch",
                "product": {
                  "name": "tomcat5-0:5.0.30-0jpp_6rh.noarch",
                  "product_id": "tomcat5-0:5.0.30-0jpp_6rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_6rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
                "product": {
                  "name": "jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
                  "product_id": "jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jakarta-commons-pool@1.2-2jpp_2rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tyrex-0:1.0.1-2jpp_2rh.noarch",
                "product": {
                  "name": "tyrex-0:1.0.1-2jpp_2rh.noarch",
                  "product_id": "tyrex-0:1.0.1-2jpp_2rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tyrex@1.0.1-2jpp_2rh?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-pool-0:1.2-2jpp_2rh.noarch as a component of Red Hat Satellite v 4.0 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch"
        },
        "product_reference": "jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
        "relates_to_product_reference": "3AS-RHNSAT4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.0.30-0jpp_6rh.noarch as a component of Red Hat Satellite v 4.0 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch"
        },
        "product_reference": "tomcat5-0:5.0.30-0jpp_6rh.noarch",
        "relates_to_product_reference": "3AS-RHNSAT4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tyrex-0:1.0.1-2jpp_2rh.noarch as a component of Red Hat Satellite v 4.0 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch"
        },
        "product_reference": "tyrex-0:1.0.1-2jpp_2rh.noarch",
        "relates_to_product_reference": "3AS-RHNSAT4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-pool-0:1.2-2jpp_2rh.noarch as a component of Red Hat Satellite v 4.1 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch"
        },
        "product_reference": "jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
        "relates_to_product_reference": "3AS-RHNSAT4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.0.30-0jpp_6rh.noarch as a component of Red Hat Satellite v 4.1 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch"
        },
        "product_reference": "tomcat5-0:5.0.30-0jpp_6rh.noarch",
        "relates_to_product_reference": "3AS-RHNSAT4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tyrex-0:1.0.1-2jpp_2rh.noarch as a component of Red Hat Satellite v 4.1 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch"
        },
        "product_reference": "tyrex-0:1.0.1-2jpp_2rh.noarch",
        "relates_to_product_reference": "3AS-RHNSAT4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-pool-0:1.2-2jpp_2rh.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch"
        },
        "product_reference": "jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
        "relates_to_product_reference": "3AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.0.30-0jpp_6rh.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch"
        },
        "product_reference": "tomcat5-0:5.0.30-0jpp_6rh.noarch",
        "relates_to_product_reference": "3AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tyrex-0:1.0.1-2jpp_2rh.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch"
        },
        "product_reference": "tyrex-0:1.0.1-2jpp_2rh.noarch",
        "relates_to_product_reference": "3AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-pool-0:1.2-2jpp_2rh.noarch as a component of Red Hat Satellite v 4.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch"
        },
        "product_reference": "jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.0.30-0jpp_6rh.noarch as a component of Red Hat Satellite v 4.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch"
        },
        "product_reference": "tomcat5-0:5.0.30-0jpp_6rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tyrex-0:1.0.1-2jpp_2rh.noarch as a component of Red Hat Satellite v 4.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch"
        },
        "product_reference": "tyrex-0:1.0.1-2jpp_2rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-pool-0:1.2-2jpp_2rh.noarch as a component of Red Hat Satellite v 4.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch"
        },
        "product_reference": "jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.0.30-0jpp_6rh.noarch as a component of Red Hat Satellite v 4.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch"
        },
        "product_reference": "tomcat5-0:5.0.30-0jpp_6rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tyrex-0:1.0.1-2jpp_2rh.noarch as a component of Red Hat Satellite v 4.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch"
        },
        "product_reference": "tyrex-0:1.0.1-2jpp_2rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-pool-0:1.2-2jpp_2rh.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch"
        },
        "product_reference": "jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.0.30-0jpp_6rh.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch"
        },
        "product_reference": "tomcat5-0:5.0.30-0jpp_6rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tyrex-0:1.0.1-2jpp_2rh.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch"
        },
        "product_reference": "tyrex-0:1.0.1-2jpp_2rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-pool-0:1.2-2jpp_2rh.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch"
        },
        "product_reference": "jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.0.30-0jpp_6rh.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_6rh.noarch"
        },
        "product_reference": "tomcat5-0:5.0.30-0jpp_6rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tyrex-0:1.0.1-2jpp_2rh.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5:tyrex-0:1.0.1-2jpp_2rh.noarch"
        },
        "product_reference": "tyrex-0:1.0.1-2jpp_2rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2005-2090",
      "discovery_date": "2005-06-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237079"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat multiple content-length header poisioning",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "3AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "3AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT5:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT5:tyrex-0:1.0.1-2jpp_2rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-2090"
        },
        {
          "category": "external",
          "summary": "RHBZ#237079",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-2090",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090"
        }
      ],
      "release_date": "2005-06-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "3AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "3AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT5:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT5:tyrex-0:1.0.1-2jpp_2rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:1069"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat multiple content-length header poisioning"
    },
    {
      "cve": "CVE-2005-3510",
      "discovery_date": "2005-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237085"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat DoS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "3AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "3AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT5:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT5:tyrex-0:1.0.1-2jpp_2rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-3510"
        },
        {
          "category": "external",
          "summary": "RHBZ#237085",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-3510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-3510"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510"
        }
      ],
      "release_date": "2005-11-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "3AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "3AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT5:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT5:tyrex-0:1.0.1-2jpp_2rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:1069"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat DoS"
    },
    {
      "cve": "CVE-2006-3835",
      "discovery_date": "2006-07-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237084"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat directory listing issue",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "3AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "3AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT5:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT5:tyrex-0:1.0.1-2jpp_2rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3835"
        },
        {
          "category": "external",
          "summary": "RHBZ#237084",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3835",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3835"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835"
        }
      ],
      "release_date": "2006-07-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "3AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "3AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT5:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT5:tyrex-0:1.0.1-2jpp_2rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:1069"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat directory listing issue"
    },
    {
      "cve": "CVE-2007-0450",
      "discovery_date": "2007-03-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237080"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat directory traversal",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "3AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "3AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT5:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT5:tyrex-0:1.0.1-2jpp_2rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0450"
        },
        {
          "category": "external",
          "summary": "RHBZ#237080",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0450",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450"
        }
      ],
      "release_date": "2007-03-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "3AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "3AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT5:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT5:tyrex-0:1.0.1-2jpp_2rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:1069"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat directory traversal"
    },
    {
      "cve": "CVE-2007-1858",
      "discovery_date": "2007-04-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237083"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat anonymous cipher issue",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "3AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "3AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT5:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT5:tyrex-0:1.0.1-2jpp_2rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1858"
        },
        {
          "category": "external",
          "summary": "RHBZ#237083",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237083"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1858",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1858"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1858",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1858"
        }
      ],
      "release_date": "2007-04-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "3AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "3AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT5:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT5:tyrex-0:1.0.1-2jpp_2rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:1069"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat anonymous cipher issue"
    },
    {
      "cve": "CVE-2007-3382",
      "discovery_date": "2007-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "247972"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat handling of cookies",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "3AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "3AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT5:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT5:tyrex-0:1.0.1-2jpp_2rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3382"
        },
        {
          "category": "external",
          "summary": "RHBZ#247972",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3382",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3382"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382"
        }
      ],
      "release_date": "2007-08-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "3AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "3AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT5:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT5:tyrex-0:1.0.1-2jpp_2rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:1069"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat handling of cookies"
    },
    {
      "cve": "CVE-2007-3385",
      "discovery_date": "2007-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "247976"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat handling of cookie values",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "3AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "3AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "3AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
          "4AS-RHNSAT5:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_6rh.noarch",
          "4AS-RHNSAT5:tyrex-0:1.0.1-2jpp_2rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3385"
        },
        {
          "category": "external",
          "summary": "RHBZ#247976",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3385",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385"
        }
      ],
      "release_date": "2007-08-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "3AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "3AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "3AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.0:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.0:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.0:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.1:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.1:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.1:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT4.2:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT4.2:tyrex-0:1.0.1-2jpp_2rh.noarch",
            "4AS-RHNSAT5:jakarta-commons-pool-0:1.2-2jpp_2rh.noarch",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_6rh.noarch",
            "4AS-RHNSAT5:tyrex-0:1.0.1-2jpp_2rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:1069"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat handling of cookie values"
    }
  ]
}

cve-2007-0450

Vulnerability from cvelistv5

Published

2007-03-16 22:00

Modified

2024-08-07 12:19

Severity

Summary

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

References

URL	Tags
http://tomcat.apache.org/security-4.html	x_refsource_CONFIRM
http://secunia.com/advisories/30908	third-party-advisory, x_refsource_SECUNIA
http://lists.vmware.com/pipermail/security-announce/2008/000003.html	mailing-list, x_refsource_MLIST
http://www.vupen.com/english/advisories/2007/2732	vdb-entry, x_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1	vendor-advisory, x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2007/3087	vdb-entry, x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/32988	vdb-entry, x_refsource_XF
http://secunia.com/advisories/30899	third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/1979/references	vdb-entry, x_refsource_VUPEN
http://www.novell.com/linux/security/advisories/2007_5_sr.html	vendor-advisory, x_refsource_SUSE
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	vendor-advisory, x_refsource_APPLE
http://www.vupen.com/english/advisories/2008/0065	vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/500412/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/33668	third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/485938/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/500396/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/25280	third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2007-0360.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/24732	third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/0233	vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/22960	vdb-entry, x_refsource_BID
http://secunia.com/advisories/28365	third-party-advisory, x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm	x_refsource_CONFIRM
http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
http://www.sec-consult.com/287.html	x_refsource_MISC
http://www.vupen.com/english/advisories/2007/3386	vdb-entry, x_refsource_VUPEN
http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt	x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2007-0327.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/27037	third-party-advisory, x_refsource_SECUNIA
http://docs.info.apple.com/article.html?artnum=306172	x_refsource_CONFIRM
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2007/0975	vdb-entry, x_refsource_VUPEN
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	vendor-advisory, x_refsource_HP
http://tomcat.apache.org/security-5.html	x_refsource_CONFIRM
http://www.securityfocus.com/bid/25159	vdb-entry, x_refsource_BID
http://secunia.com/advisories/26660	third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0261.html	vendor-advisory, x_refsource_REDHAT
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html	x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200705-03.xml	vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/25106	third-party-advisory, x_refsource_SECUNIA
http://securityreason.com/securityalert/2446	third-party-advisory, x_refsource_SREASON
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx	x_refsource_CONFIRM
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540	x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/462791/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241	vendor-advisory, x_refsource_MANDRIVA
http://www.novell.com/linux/security/advisories/2007_15_sr.html	vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/26235	third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643	vdb-entry, signature, x_refsource_OVAL
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:19:30.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "name": "30908",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30908"
          },
          {
            "name": "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
          },
          {
            "name": "ADV-2007-2732",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2732"
          },
          {
            "name": "239312",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
          },
          {
            "name": "ADV-2007-3087",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3087"
          },
          {
            "name": "tomcat-proxy-directory-traversal(32988)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988"
          },
          {
            "name": "30899",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30899"
          },
          {
            "name": "ADV-2008-1979",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1979/references"
          },
          {
            "name": "SUSE-SR:2007:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
          },
          {
            "name": "APPLE-SA-2007-07-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
          },
          {
            "name": "ADV-2008-0065",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0065"
          },
          {
            "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
          },
          {
            "name": "33668",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33668"
          },
          {
            "name": "20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded"
          },
          {
            "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
          },
          {
            "name": "25280",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25280"
          },
          {
            "name": "RHSA-2007:0360",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0360.html"
          },
          {
            "name": "24732",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24732"
          },
          {
            "name": "ADV-2009-0233",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0233"
          },
          {
            "name": "22960",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22960"
          },
          {
            "name": "28365",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28365"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.sec-consult.com/287.html"
          },
          {
            "name": "ADV-2007-3386",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3386"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt"
          },
          {
            "name": "RHSA-2007:0327",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0327.html"
          },
          {
            "name": "27037",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27037"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=306172"
          },
          {
            "name": "SSRT071447",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
          },
          {
            "name": "ADV-2007-0975",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0975"
          },
          {
            "name": "HPSBUX02262",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "name": "25159",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25159"
          },
          {
            "name": "26660",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26660"
          },
          {
            "name": "RHSA-2008:0261",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html"
          },
          {
            "name": "GLSA-200705-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200705-03.xml"
          },
          {
            "name": "25106",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25106"
          },
          {
            "name": "2446",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2446"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
          },
          {
            "name": "20070314 SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/462791/100/0/threaded"
          },
          {
            "name": "MDKSA-2007:241",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
          },
          {
            "name": "SUSE-SR:2007:015",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
          },
          {
            "name": "26235",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26235"
          },
          {
            "name": "oval:org.mitre.oval:def:10643",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:10:18",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-4.html"
        },
        {
          "name": "30908",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30908"
        },
        {
          "name": "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
        },
        {
          "name": "ADV-2007-2732",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2732"
        },
        {
          "name": "239312",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
        },
        {
          "name": "ADV-2007-3087",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3087"
        },
        {
          "name": "tomcat-proxy-directory-traversal(32988)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988"
        },
        {
          "name": "30899",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30899"
        },
        {
          "name": "ADV-2008-1979",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1979/references"
        },
        {
          "name": "SUSE-SR:2007:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
        },
        {
          "name": "APPLE-SA-2007-07-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
        },
        {
          "name": "ADV-2008-0065",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0065"
        },
        {
          "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
        },
        {
          "name": "33668",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33668"
        },
        {
          "name": "20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded"
        },
        {
          "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
        },
        {
          "name": "25280",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25280"
        },
        {
          "name": "RHSA-2007:0360",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0360.html"
        },
        {
          "name": "24732",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24732"
        },
        {
          "name": "ADV-2009-0233",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0233"
        },
        {
          "name": "22960",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22960"
        },
        {
          "name": "28365",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28365"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-6.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.sec-consult.com/287.html"
        },
        {
          "name": "ADV-2007-3386",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3386"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt"
        },
        {
          "name": "RHSA-2007:0327",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0327.html"
        },
        {
          "name": "27037",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27037"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=306172"
        },
        {
          "name": "SSRT071447",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
        },
        {
          "name": "ADV-2007-0975",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0975"
        },
        {
          "name": "HPSBUX02262",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-5.html"
        },
        {
          "name": "25159",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25159"
        },
        {
          "name": "26660",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26660"
        },
        {
          "name": "RHSA-2008:0261",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html"
        },
        {
          "name": "GLSA-200705-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200705-03.xml"
        },
        {
          "name": "25106",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25106"
        },
        {
          "name": "2446",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2446"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
        },
        {
          "name": "20070314 SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/462791/100/0/threaded"
        },
        {
          "name": "MDKSA-2007:241",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
        },
        {
          "name": "SUSE-SR:2007:015",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
        },
        {
          "name": "26235",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26235"
        },
        {
          "name": "oval:org.mitre.oval:def:10643",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-0450",
    "datePublished": "2007-03-16T22:00:00",
    "dateReserved": "2007-01-23T00:00:00",
    "dateUpdated": "2024-08-07T12:19:30.290Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-3510

Vulnerability from cvelistv5

Published

2005-11-06 11:00

Modified

2024-08-07 23:17

Severity

Summary

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.

References

URL	Tags
http://www.redhat.com/support/errata/RHSA-2006-0161.html	vendor-advisory, x_refsource_REDHAT
http://tomcat.apache.org/security-4.html	x_refsource_CONFIRM
http://secunia.com/advisories/30908	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/17416	third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1	vendor-advisory, x_refsource_SUNALERT
http://www.osvdb.org/20439	vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/30899	third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/15325	vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2008/1979/references	vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/500412/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/33668	third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/500396/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/415782/30/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2009/0233	vdb-entry, x_refsource_VUPEN
http://securitytracker.com/id?1015147	vdb-entry, x_refsource_SECTRACK
http://tomcat.apache.org/security-5.html	x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2008-0261.html	vendor-advisory, x_refsource_REDHAT
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx	x_refsource_CONFIRM
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540	x_refsource_CONFIRM
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:17:22.767Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2006:0161",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "name": "30908",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30908"
          },
          {
            "name": "17416",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17416"
          },
          {
            "name": "239312",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
          },
          {
            "name": "20439",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/20439"
          },
          {
            "name": "30899",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30899"
          },
          {
            "name": "15325",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15325"
          },
          {
            "name": "ADV-2008-1979",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1979/references"
          },
          {
            "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
          },
          {
            "name": "33668",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33668"
          },
          {
            "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
          },
          {
            "name": "20051104 Apache Tomcat 5.5.x remote Denial Of Service",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/415782/30/0/threaded"
          },
          {
            "name": "ADV-2009-0233",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0233"
          },
          {
            "name": "1015147",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015147"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "name": "RHSA-2008:0261",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-11-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:07:31",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2006:0161",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-4.html"
        },
        {
          "name": "30908",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30908"
        },
        {
          "name": "17416",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17416"
        },
        {
          "name": "239312",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
        },
        {
          "name": "20439",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/20439"
        },
        {
          "name": "30899",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30899"
        },
        {
          "name": "15325",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15325"
        },
        {
          "name": "ADV-2008-1979",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1979/references"
        },
        {
          "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
        },
        {
          "name": "33668",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33668"
        },
        {
          "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
        },
        {
          "name": "20051104 Apache Tomcat 5.5.x remote Denial Of Service",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/415782/30/0/threaded"
        },
        {
          "name": "ADV-2009-0233",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0233"
        },
        {
          "name": "1015147",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015147"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-5.html"
        },
        {
          "name": "RHSA-2008:0261",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3510",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2006:0161",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html"
            },
            {
              "name": "http://tomcat.apache.org/security-4.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-4.html"
            },
            {
              "name": "30908",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30908"
            },
            {
              "name": "17416",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17416"
            },
            {
              "name": "239312",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
            },
            {
              "name": "20439",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/20439"
            },
            {
              "name": "30899",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30899"
            },
            {
              "name": "15325",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15325"
            },
            {
              "name": "ADV-2008-1979",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1979/references"
            },
            {
              "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
            },
            {
              "name": "33668",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33668"
            },
            {
              "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
            },
            {
              "name": "20051104 Apache Tomcat 5.5.x remote Denial Of Service",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/415782/30/0/threaded"
            },
            {
              "name": "ADV-2009-0233",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0233"
            },
            {
              "name": "1015147",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015147"
            },
            {
              "name": "http://tomcat.apache.org/security-5.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-5.html"
            },
            {
              "name": "RHSA-2008:0261",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
            },
            {
              "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
              "refsource": "CONFIRM",
              "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
            },
            {
              "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
              "refsource": "CONFIRM",
              "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3510",
    "datePublished": "2005-11-06T11:00:00",
    "dateReserved": "2005-11-06T00:00:00",
    "dateUpdated": "2024-08-07T23:17:22.767Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-1858

Vulnerability from cvelistv5

Published

2007-05-09 22:00

Modified

2024-08-07 13:13

Severity

Summary

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

References

URL	Tags
http://tomcat.apache.org/security-4.html	x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/500412/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/33668	third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/28482	vdb-entry, x_refsource_BID
http://secunia.com/advisories/29392	third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/500396/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=133114899904925&w=2	vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2007/1729	vdb-entry, x_refsource_VUPEN
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html	vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/44183	third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/0233	vdb-entry, x_refsource_VUPEN
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=133114899904925&w=2	vendor-advisory, x_refsource_HP
https://exchange.xforce.ibmcloud.com/vulnerabilities/34212	vdb-entry, x_refsource_XF
http://osvdb.org/34882	vdb-entry, x_refsource_OSVDB
http://tomcat.apache.org/security-5.html	x_refsource_CONFIRM
http://www.securityfocus.com/bid/64758	vdb-entry, x_refsource_BID
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx	x_refsource_CONFIRM
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540	x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html	x_refsource_CONFIRM
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:13:41.699Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
          },
          {
            "name": "33668",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33668"
          },
          {
            "name": "28482",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28482"
          },
          {
            "name": "29392",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29392"
          },
          {
            "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
          },
          {
            "name": "HPSBMU02744",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133114899904925\u0026w=2"
          },
          {
            "name": "ADV-2007-1729",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1729"
          },
          {
            "name": "SUSE-SR:2008:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html"
          },
          {
            "name": "44183",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44183"
          },
          {
            "name": "ADV-2009-0233",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0233"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
          },
          {
            "name": "SSRT100776",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133114899904925\u0026w=2"
          },
          {
            "name": "tomcat-ssl-security-bypass(34212)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34212"
          },
          {
            "name": "34882",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/34882"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "name": "64758",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/64758"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:07:22",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-4.html"
        },
        {
          "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
        },
        {
          "name": "33668",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33668"
        },
        {
          "name": "28482",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28482"
        },
        {
          "name": "29392",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29392"
        },
        {
          "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
        },
        {
          "name": "HPSBMU02744",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133114899904925\u0026w=2"
        },
        {
          "name": "ADV-2007-1729",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1729"
        },
        {
          "name": "SUSE-SR:2008:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html"
        },
        {
          "name": "44183",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44183"
        },
        {
          "name": "ADV-2009-0233",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0233"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
        },
        {
          "name": "SSRT100776",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133114899904925\u0026w=2"
        },
        {
          "name": "tomcat-ssl-security-bypass(34212)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34212"
        },
        {
          "name": "34882",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/34882"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-5.html"
        },
        {
          "name": "64758",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/64758"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-1858",
    "datePublished": "2007-05-09T22:00:00",
    "dateReserved": "2007-04-04T00:00:00",
    "dateUpdated": "2024-08-07T13:13:41.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-2090

Vulnerability from cvelistv5

Published

2005-06-30 04:00

Modified

2024-08-07 22:15

Severity

Summary

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

References

URL	Tags
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html	x_refsource_CONFIRM
http://tomcat.apache.org/security-4.html	x_refsource_CONFIRM
http://secunia.com/advisories/30908	third-party-advisory, x_refsource_SECUNIA
http://lists.vmware.com/pipermail/security-announce/2008/000003.html	mailing-list, x_refsource_MLIST
http://www.vupen.com/english/advisories/2007/2732	vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/13873	vdb-entry, x_refsource_BID
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1	vendor-advisory, x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2007/3087	vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/30899	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/29242	third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/1979/references	vdb-entry, x_refsource_VUPEN
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	vendor-advisory, x_refsource_APPLE
http://www.vupen.com/english/advisories/2008/0065	vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/500412/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html	vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/33668	third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/485938/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/500396/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2007-0360.html	vendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/0233	vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499	vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/28365	third-party-advisory, x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm	x_refsource_CONFIRM
http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/3386	vdb-entry, x_refsource_VUPEN
http://www.securiteam.com/securityreviews/5GP0220G0U.html	x_refsource_MISC
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf	x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2007-0327.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/27037	third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1014365	vdb-entry, x_refsource_SECTRACK
http://docs.info.apple.com/article.html?artnum=306172	x_refsource_CONFIRM
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	vendor-advisory, x_refsource_HP
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	vendor-advisory, x_refsource_HP
http://tomcat.apache.org/security-5.html	x_refsource_CONFIRM
http://www.securityfocus.com/bid/25159	vdb-entry, x_refsource_BID
http://secunia.com/advisories/26660	third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0261.html	vendor-advisory, x_refsource_REDHAT
http://seclists.org/lists/bugtraq/2005/Jun/0025.html	mailing-list, x_refsource_BUGTRAQ
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx	x_refsource_CONFIRM
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540	x_refsource_CONFIRM
http://secunia.com/advisories/26235	third-party-advisory, x_refsource_SECUNIA
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:15:37.335Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "name": "30908",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30908"
          },
          {
            "name": "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
          },
          {
            "name": "ADV-2007-2732",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2732"
          },
          {
            "name": "13873",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/13873"
          },
          {
            "name": "239312",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
          },
          {
            "name": "ADV-2007-3087",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3087"
          },
          {
            "name": "30899",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30899"
          },
          {
            "name": "29242",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29242"
          },
          {
            "name": "ADV-2008-1979",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1979/references"
          },
          {
            "name": "APPLE-SA-2007-07-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
          },
          {
            "name": "ADV-2008-0065",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0065"
          },
          {
            "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
          },
          {
            "name": "SUSE-SR:2008:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
          },
          {
            "name": "33668",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33668"
          },
          {
            "name": "20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded"
          },
          {
            "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
          },
          {
            "name": "RHSA-2007:0360",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0360.html"
          },
          {
            "name": "ADV-2009-0233",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0233"
          },
          {
            "name": "oval:org.mitre.oval:def:10499",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499"
          },
          {
            "name": "28365",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28365"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "name": "ADV-2007-3386",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3386"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securiteam.com/securityreviews/5GP0220G0U.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf"
          },
          {
            "name": "RHSA-2007:0327",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0327.html"
          },
          {
            "name": "27037",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27037"
          },
          {
            "name": "1014365",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1014365"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=306172"
          },
          {
            "name": "SSRT071447",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
          },
          {
            "name": "HPSBUX02262",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "name": "25159",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25159"
          },
          {
            "name": "26660",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26660"
          },
          {
            "name": "RHSA-2008:0261",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
          },
          {
            "name": "20050606 A new whitepaper by Watchfire - HTTP Request Smuggling",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/lists/bugtraq/2005/Jun/0025.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
          },
          {
            "name": "26235",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26235"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-06-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:09:41",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-4.html"
        },
        {
          "name": "30908",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30908"
        },
        {
          "name": "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
        },
        {
          "name": "ADV-2007-2732",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2732"
        },
        {
          "name": "13873",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/13873"
        },
        {
          "name": "239312",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
        },
        {
          "name": "ADV-2007-3087",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3087"
        },
        {
          "name": "30899",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30899"
        },
        {
          "name": "29242",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29242"
        },
        {
          "name": "ADV-2008-1979",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1979/references"
        },
        {
          "name": "APPLE-SA-2007-07-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
        },
        {
          "name": "ADV-2008-0065",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0065"
        },
        {
          "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
        },
        {
          "name": "SUSE-SR:2008:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
        },
        {
          "name": "33668",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33668"
        },
        {
          "name": "20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded"
        },
        {
          "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
        },
        {
          "name": "RHSA-2007:0360",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0360.html"
        },
        {
          "name": "ADV-2009-0233",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0233"
        },
        {
          "name": "oval:org.mitre.oval:def:10499",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499"
        },
        {
          "name": "28365",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28365"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-6.html"
        },
        {
          "name": "ADV-2007-3386",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3386"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securiteam.com/securityreviews/5GP0220G0U.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf"
        },
        {
          "name": "RHSA-2007:0327",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0327.html"
        },
        {
          "name": "27037",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27037"
        },
        {
          "name": "1014365",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1014365"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=306172"
        },
        {
          "name": "SSRT071447",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
        },
        {
          "name": "HPSBUX02262",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-5.html"
        },
        {
          "name": "25159",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25159"
        },
        {
          "name": "26660",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26660"
        },
        {
          "name": "RHSA-2008:0261",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
        },
        {
          "name": "20050606 A new whitepaper by Watchfire - HTTP Request Smuggling",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/lists/bugtraq/2005/Jun/0025.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
        },
        {
          "name": "26235",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26235"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-2090",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html",
              "refsource": "CONFIRM",
              "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html"
            },
            {
              "name": "http://tomcat.apache.org/security-4.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-4.html"
            },
            {
              "name": "30908",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30908"
            },
            {
              "name": "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
            },
            {
              "name": "ADV-2007-2732",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2732"
            },
            {
              "name": "13873",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/13873"
            },
            {
              "name": "239312",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
            },
            {
              "name": "ADV-2007-3087",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3087"
            },
            {
              "name": "30899",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30899"
            },
            {
              "name": "29242",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29242"
            },
            {
              "name": "ADV-2008-1979",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1979/references"
            },
            {
              "name": "APPLE-SA-2007-07-31",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
            },
            {
              "name": "ADV-2008-0065",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0065"
            },
            {
              "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
            },
            {
              "name": "SUSE-SR:2008:005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
            },
            {
              "name": "33668",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33668"
            },
            {
              "name": "20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded"
            },
            {
              "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
            },
            {
              "name": "RHSA-2007:0360",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0360.html"
            },
            {
              "name": "ADV-2009-0233",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0233"
            },
            {
              "name": "oval:org.mitre.oval:def:10499",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499"
            },
            {
              "name": "28365",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28365"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
            },
            {
              "name": "http://tomcat.apache.org/security-6.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-6.html"
            },
            {
              "name": "ADV-2007-3386",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3386"
            },
            {
              "name": "http://www.securiteam.com/securityreviews/5GP0220G0U.html",
              "refsource": "MISC",
              "url": "http://www.securiteam.com/securityreviews/5GP0220G0U.html"
            },
            {
              "name": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf",
              "refsource": "MISC",
              "url": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf"
            },
            {
              "name": "RHSA-2007:0327",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0327.html"
            },
            {
              "name": "27037",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27037"
            },
            {
              "name": "1014365",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1014365"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306172",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=306172"
            },
            {
              "name": "SSRT071447",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
            },
            {
              "name": "HPSBUX02262",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
            },
            {
              "name": "http://tomcat.apache.org/security-5.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-5.html"
            },
            {
              "name": "25159",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25159"
            },
            {
              "name": "26660",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26660"
            },
            {
              "name": "RHSA-2008:0261",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
            },
            {
              "name": "20050606 A new whitepaper by Watchfire - HTTP Request Smuggling",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/lists/bugtraq/2005/Jun/0025.html"
            },
            {
              "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
              "refsource": "CONFIRM",
              "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
            },
            {
              "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
              "refsource": "CONFIRM",
              "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
            },
            {
              "name": "26235",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26235"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-2090",
    "datePublished": "2005-06-30T04:00:00",
    "dateReserved": "2005-06-30T00:00:00",
    "dateUpdated": "2024-08-07T22:15:37.335Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-3382

Vulnerability from cvelistv5

Published

2007-08-14 22:00

Modified

2024-08-07 14:14

Severity

Summary

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

References

URL	Tags
http://www.debian.org/security/2008/dsa-1453	vendor-advisory, x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2007-0950.html	vendor-advisory, x_refsource_REDHAT
http://support.apple.com/kb/HT2163	x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/476466/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2008/1981/references	vdb-entry, x_refsource_VUPEN
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html	vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/27267	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/29242	third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/3527	vdb-entry, x_refsource_VUPEN
http://securitytracker.com/id?1018556	vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/26466	third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/500412/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html	vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/33668	third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/2902	vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/500396/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/26898	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/28361	third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562	vendor-advisory, x_refsource_AIXAPAR
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554	vendor-advisory, x_refsource_HP
http://secunia.com/advisories/28317	third-party-advisory, x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html	vendor-advisory, x_refsource_APPLE
http://www.vupen.com/english/advisories/2009/0233	vdb-entry, x_refsource_VUPEN
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html	vendor-advisory, x_refsource_SUSE
http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2007-0871.html	vendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2007/3386	vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/30802	third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0195.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/27037	third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/25316	vdb-entry, x_refsource_BID
http://www.kb.cert.org/vuls/id/993544	third-party-advisory, x_refsource_CERT-VN
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	vendor-advisory, x_refsource_HP
http://secunia.com/advisories/27727	third-party-advisory, x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	vendor-advisory, x_refsource_HP
http://www.securityfocus.com/archive/1/476442/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2008-0261.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/36486	third-party-advisory, x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554	vendor-advisory, x_refsource_HP
http://www.debian.org/security/2008/dsa-1447	vendor-advisory, x_refsource_DEBIAN
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx	x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11269	vdb-entry, signature, x_refsource_OVAL
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540	x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/36006	vdb-entry, x_refsource_XF
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241	vendor-advisory, x_refsource_MANDRIVA
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:14:12.904Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-1453",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1453"
          },
          {
            "name": "RHSA-2007:0950",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0950.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT2163"
          },
          {
            "name": "20070814 Re: CVE-2007-3382: Handling of cookies containing a \u0027 character",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/476466/100/0/threaded"
          },
          {
            "name": "ADV-2008-1981",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1981/references"
          },
          {
            "name": "FEDORA-2007-3456",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
          },
          {
            "name": "27267",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27267"
          },
          {
            "name": "29242",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29242"
          },
          {
            "name": "ADV-2007-3527",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3527"
          },
          {
            "name": "1018556",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018556"
          },
          {
            "name": "26466",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26466"
          },
          {
            "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
          },
          {
            "name": "SUSE-SR:2008:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
          },
          {
            "name": "33668",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33668"
          },
          {
            "name": "ADV-2007-2902",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2902"
          },
          {
            "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
          },
          {
            "name": "26898",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26898"
          },
          {
            "name": "28361",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28361"
          },
          {
            "name": "IZ55562",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562"
          },
          {
            "name": "SSRT071472",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554"
          },
          {
            "name": "28317",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28317"
          },
          {
            "name": "APPLE-SA-2008-06-30",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
          },
          {
            "name": "ADV-2009-0233",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0233"
          },
          {
            "name": "SUSE-SR:2009:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "name": "RHSA-2007:0871",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0871.html"
          },
          {
            "name": "ADV-2007-3386",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3386"
          },
          {
            "name": "30802",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30802"
          },
          {
            "name": "RHSA-2008:0195",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html"
          },
          {
            "name": "27037",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27037"
          },
          {
            "name": "25316",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25316"
          },
          {
            "name": "VU#993544",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/993544"
          },
          {
            "name": "SSRT071447",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
          },
          {
            "name": "27727",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27727"
          },
          {
            "name": "HPSBUX02262",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
          },
          {
            "name": "20070814 CVE-2007-3382: Handling of cookies containing a \u0027 character",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/476442/100/0/threaded"
          },
          {
            "name": "RHSA-2008:0261",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
          },
          {
            "name": "36486",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36486"
          },
          {
            "name": "HPSBTU02276",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554"
          },
          {
            "name": "DSA-1447",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1447"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
          },
          {
            "name": "oval:org.mitre.oval:def:11269",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11269"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
          },
          {
            "name": "tomcat-quotecookie-information-disclosure(36006)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36006"
          },
          {
            "name": "MDKSA-2007:241",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:07:21",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-1453",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1453"
        },
        {
          "name": "RHSA-2007:0950",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0950.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT2163"
        },
        {
          "name": "20070814 Re: CVE-2007-3382: Handling of cookies containing a \u0027 character",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/476466/100/0/threaded"
        },
        {
          "name": "ADV-2008-1981",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1981/references"
        },
        {
          "name": "FEDORA-2007-3456",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
        },
        {
          "name": "27267",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27267"
        },
        {
          "name": "29242",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29242"
        },
        {
          "name": "ADV-2007-3527",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3527"
        },
        {
          "name": "1018556",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018556"
        },
        {
          "name": "26466",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26466"
        },
        {
          "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
        },
        {
          "name": "SUSE-SR:2008:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
        },
        {
          "name": "33668",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33668"
        },
        {
          "name": "ADV-2007-2902",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2902"
        },
        {
          "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
        },
        {
          "name": "26898",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26898"
        },
        {
          "name": "28361",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28361"
        },
        {
          "name": "IZ55562",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562"
        },
        {
          "name": "SSRT071472",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554"
        },
        {
          "name": "28317",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28317"
        },
        {
          "name": "APPLE-SA-2008-06-30",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
        },
        {
          "name": "ADV-2009-0233",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0233"
        },
        {
          "name": "SUSE-SR:2009:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-6.html"
        },
        {
          "name": "RHSA-2007:0871",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0871.html"
        },
        {
          "name": "ADV-2007-3386",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3386"
        },
        {
          "name": "30802",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30802"
        },
        {
          "name": "RHSA-2008:0195",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html"
        },
        {
          "name": "27037",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27037"
        },
        {
          "name": "25316",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25316"
        },
        {
          "name": "VU#993544",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/993544"
        },
        {
          "name": "SSRT071447",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
        },
        {
          "name": "27727",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27727"
        },
        {
          "name": "HPSBUX02262",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
        },
        {
          "name": "20070814 CVE-2007-3382: Handling of cookies containing a \u0027 character",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/476442/100/0/threaded"
        },
        {
          "name": "RHSA-2008:0261",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
        },
        {
          "name": "36486",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36486"
        },
        {
          "name": "HPSBTU02276",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554"
        },
        {
          "name": "DSA-1447",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1447"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
        },
        {
          "name": "oval:org.mitre.oval:def:11269",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11269"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
        },
        {
          "name": "tomcat-quotecookie-information-disclosure(36006)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36006"
        },
        {
          "name": "MDKSA-2007:241",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2007-3382",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-1453",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1453"
            },
            {
              "name": "RHSA-2007:0950",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0950.html"
            },
            {
              "name": "http://support.apple.com/kb/HT2163",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT2163"
            },
            {
              "name": "20070814 Re: CVE-2007-3382: Handling of cookies containing a \u0027 character",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/476466/100/0/threaded"
            },
            {
              "name": "ADV-2008-1981",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1981/references"
            },
            {
              "name": "FEDORA-2007-3456",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
            },
            {
              "name": "27267",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27267"
            },
            {
              "name": "29242",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29242"
            },
            {
              "name": "ADV-2007-3527",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3527"
            },
            {
              "name": "1018556",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018556"
            },
            {
              "name": "26466",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26466"
            },
            {
              "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
            },
            {
              "name": "SUSE-SR:2008:005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
            },
            {
              "name": "33668",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33668"
            },
            {
              "name": "ADV-2007-2902",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2902"
            },
            {
              "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
            },
            {
              "name": "26898",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26898"
            },
            {
              "name": "28361",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28361"
            },
            {
              "name": "IZ55562",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562"
            },
            {
              "name": "SSRT071472",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554"
            },
            {
              "name": "28317",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28317"
            },
            {
              "name": "APPLE-SA-2008-06-30",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
            },
            {
              "name": "ADV-2009-0233",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0233"
            },
            {
              "name": "SUSE-SR:2009:004",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
            },
            {
              "name": "http://tomcat.apache.org/security-6.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-6.html"
            },
            {
              "name": "RHSA-2007:0871",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0871.html"
            },
            {
              "name": "ADV-2007-3386",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3386"
            },
            {
              "name": "30802",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30802"
            },
            {
              "name": "RHSA-2008:0195",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html"
            },
            {
              "name": "27037",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27037"
            },
            {
              "name": "25316",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25316"
            },
            {
              "name": "VU#993544",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/993544"
            },
            {
              "name": "SSRT071447",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
            },
            {
              "name": "27727",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27727"
            },
            {
              "name": "HPSBUX02262",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
            },
            {
              "name": "20070814 CVE-2007-3382: Handling of cookies containing a \u0027 character",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/476442/100/0/threaded"
            },
            {
              "name": "RHSA-2008:0261",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
            },
            {
              "name": "36486",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36486"
            },
            {
              "name": "HPSBTU02276",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554"
            },
            {
              "name": "DSA-1447",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1447"
            },
            {
              "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
              "refsource": "CONFIRM",
              "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
            },
            {
              "name": "oval:org.mitre.oval:def:11269",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11269"
            },
            {
              "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
              "refsource": "CONFIRM",
              "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
            },
            {
              "name": "tomcat-quotecookie-information-disclosure(36006)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36006"
            },
            {
              "name": "MDKSA-2007:241",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-3382",
    "datePublished": "2007-08-14T22:00:00",
    "dateReserved": "2007-06-25T00:00:00",
    "dateUpdated": "2024-08-07T14:14:12.904Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3835

Vulnerability from cvelistv5

Published

2006-07-25 00:00

Modified

2024-08-07 18:48

Severity

Summary

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.

References

URL	Tags
http://www.securityfocus.com/bid/19106	vdb-entry, x_refsource_BID
http://tomcat.apache.org/security-4.html	x_refsource_CONFIRM
http://secunia.com/advisories/30908	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/37297	third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1	vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/30899	third-party-advisory, x_refsource_SECUNIA
http://www.sec-consult.com/289.html	x_refsource_MISC
http://www.vupen.com/english/advisories/2008/1979/references	vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/500412/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2007/1727	vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/33668	third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/27902	vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/500396/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/468048/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2009/0233	vdb-entry, x_refsource_VUPEN
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html	vendor-advisory, x_refsource_SUSE
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm	x_refsource_CONFIRM
http://secunia.com/advisories/25212	third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/507729/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://securitytracker.com/id?1016576	vdb-entry, x_refsource_SECTRACK
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.html	mailing-list, x_refsource_FULLDISC
http://tomcat.apache.org/security-5.html	x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/34183	vdb-entry, x_refsource_XF
http://www.redhat.com/support/errata/RHSA-2008-0261.html	vendor-advisory, x_refsource_REDHAT
http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt	x_refsource_MISC
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx	x_refsource_CONFIRM
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540	x_refsource_CONFIRM
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:48:39.282Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "19106",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19106"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "name": "30908",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30908"
          },
          {
            "name": "37297",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37297"
          },
          {
            "name": "239312",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
          },
          {
            "name": "30899",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30899"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.sec-consult.com/289.html"
          },
          {
            "name": "ADV-2008-1979",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1979/references"
          },
          {
            "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
          },
          {
            "name": "ADV-2007-1727",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1727"
          },
          {
            "name": "33668",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33668"
          },
          {
            "name": "apache-tomcat-url-information-disclosure(27902)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27902"
          },
          {
            "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
          },
          {
            "name": "20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite \u0026 Wireless Email Express",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"
          },
          {
            "name": "ADV-2009-0233",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0233"
          },
          {
            "name": "SUSE-SR:2009:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
          },
          {
            "name": "25212",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25212"
          },
          {
            "name": "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507729/100/0/threaded"
          },
          {
            "name": "1016576",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016576"
          },
          {
            "name": "20060721 Directory Listing in Apache Tomcat 5.x.x",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "name": "nokia-tomcat-source-code-disclosure(34183)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34183"
          },
          {
            "name": "RHSA-2008:0261",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-07-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:07:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "19106",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19106"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-4.html"
        },
        {
          "name": "30908",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30908"
        },
        {
          "name": "37297",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37297"
        },
        {
          "name": "239312",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
        },
        {
          "name": "30899",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30899"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.sec-consult.com/289.html"
        },
        {
          "name": "ADV-2008-1979",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1979/references"
        },
        {
          "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
        },
        {
          "name": "ADV-2007-1727",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1727"
        },
        {
          "name": "33668",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33668"
        },
        {
          "name": "apache-tomcat-url-information-disclosure(27902)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27902"
        },
        {
          "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
        },
        {
          "name": "20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite \u0026 Wireless Email Express",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"
        },
        {
          "name": "ADV-2009-0233",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0233"
        },
        {
          "name": "SUSE-SR:2009:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
        },
        {
          "name": "25212",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25212"
        },
        {
          "name": "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507729/100/0/threaded"
        },
        {
          "name": "1016576",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016576"
        },
        {
          "name": "20060721 Directory Listing in Apache Tomcat 5.x.x",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-5.html"
        },
        {
          "name": "nokia-tomcat-source-code-disclosure(34183)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34183"
        },
        {
          "name": "RHSA-2008:0261",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3835",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19106",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19106"
            },
            {
              "name": "http://tomcat.apache.org/security-4.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-4.html"
            },
            {
              "name": "30908",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30908"
            },
            {
              "name": "37297",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37297"
            },
            {
              "name": "239312",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
            },
            {
              "name": "30899",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30899"
            },
            {
              "name": "http://www.sec-consult.com/289.html",
              "refsource": "MISC",
              "url": "http://www.sec-consult.com/289.html"
            },
            {
              "name": "ADV-2008-1979",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1979/references"
            },
            {
              "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
            },
            {
              "name": "ADV-2007-1727",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1727"
            },
            {
              "name": "33668",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33668"
            },
            {
              "name": "apache-tomcat-url-information-disclosure(27902)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27902"
            },
            {
              "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
            },
            {
              "name": "20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite \u0026 Wireless Email Express",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"
            },
            {
              "name": "ADV-2009-0233",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0233"
            },
            {
              "name": "SUSE-SR:2009:004",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
            },
            {
              "name": "25212",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25212"
            },
            {
              "name": "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507729/100/0/threaded"
            },
            {
              "name": "1016576",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016576"
            },
            {
              "name": "20060721 Directory Listing in Apache Tomcat 5.x.x",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.html"
            },
            {
              "name": "http://tomcat.apache.org/security-5.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-5.html"
            },
            {
              "name": "nokia-tomcat-source-code-disclosure(34183)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34183"
            },
            {
              "name": "RHSA-2008:0261",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
            },
            {
              "name": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt",
              "refsource": "MISC",
              "url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt"
            },
            {
              "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
              "refsource": "CONFIRM",
              "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
            },
            {
              "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
              "refsource": "CONFIRM",
              "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3835",
    "datePublished": "2006-07-25T00:00:00",
    "dateReserved": "2006-07-24T00:00:00",
    "dateUpdated": "2024-08-07T18:48:39.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-3385

Vulnerability from cvelistv5

Published

2007-08-14 22:00

Modified

2024-08-07 14:14

Severity

Summary

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

References

URL	Tags
http://www.debian.org/security/2008/dsa-1453	vendor-advisory, x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2007-0950.html	vendor-advisory, x_refsource_REDHAT
http://support.apple.com/kb/HT2163	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/1981/references	vdb-entry, x_refsource_VUPEN
http://securityreason.com/securityalert/3011	third-party-advisory, x_refsource_SREASON
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html	vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/27267	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/29242	third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/3527	vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/26466	third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/500412/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html	vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/33668	third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/2902	vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/500396/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/35999	vdb-entry, x_refsource_XF
http://secunia.com/advisories/26898	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/28361	third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562	vendor-advisory, x_refsource_AIXAPAR
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554	vendor-advisory, x_refsource_HP
http://secunia.com/advisories/44183	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/28317	third-party-advisory, x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html	vendor-advisory, x_refsource_APPLE
http://www.vupen.com/english/advisories/2009/0233	vdb-entry, x_refsource_VUPEN
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html	vendor-advisory, x_refsource_SUSE
http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2007-0871.html	vendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2007/3386	vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/30802	third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0195.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/27037	third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1018557	vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/25316	vdb-entry, x_refsource_BID
http://www.kb.cert.org/vuls/id/993544	third-party-advisory, x_refsource_CERT-VN
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	vendor-advisory, x_refsource_HP
http://secunia.com/advisories/27727	third-party-advisory, x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	vendor-advisory, x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2008-0261.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/36486	third-party-advisory, x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554	vendor-advisory, x_refsource_HP
http://www.debian.org/security/2008/dsa-1447	vendor-advisory, x_refsource_DEBIAN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9549	vdb-entry, signature, x_refsource_OVAL
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx	x_refsource_CONFIRM
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540	x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/476444/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241	vendor-advisory, x_refsource_MANDRIVA
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:14:12.922Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-1453",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1453"
          },
          {
            "name": "RHSA-2007:0950",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0950.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT2163"
          },
          {
            "name": "ADV-2008-1981",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1981/references"
          },
          {
            "name": "3011",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3011"
          },
          {
            "name": "FEDORA-2007-3456",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
          },
          {
            "name": "27267",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27267"
          },
          {
            "name": "29242",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29242"
          },
          {
            "name": "ADV-2007-3527",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3527"
          },
          {
            "name": "26466",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26466"
          },
          {
            "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
          },
          {
            "name": "SUSE-SR:2008:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
          },
          {
            "name": "33668",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33668"
          },
          {
            "name": "ADV-2007-2902",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2902"
          },
          {
            "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
          },
          {
            "name": "tomcat-slashcookie-information-disclosure(35999)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35999"
          },
          {
            "name": "26898",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26898"
          },
          {
            "name": "28361",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28361"
          },
          {
            "name": "IZ55562",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562"
          },
          {
            "name": "SSRT071472",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554"
          },
          {
            "name": "44183",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44183"
          },
          {
            "name": "28317",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28317"
          },
          {
            "name": "APPLE-SA-2008-06-30",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
          },
          {
            "name": "ADV-2009-0233",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0233"
          },
          {
            "name": "SUSE-SR:2009:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "name": "RHSA-2007:0871",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0871.html"
          },
          {
            "name": "ADV-2007-3386",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3386"
          },
          {
            "name": "30802",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30802"
          },
          {
            "name": "RHSA-2008:0195",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html"
          },
          {
            "name": "27037",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27037"
          },
          {
            "name": "1018557",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018557"
          },
          {
            "name": "25316",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25316"
          },
          {
            "name": "VU#993544",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/993544"
          },
          {
            "name": "SSRT071447",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
          },
          {
            "name": "27727",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27727"
          },
          {
            "name": "HPSBUX02262",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
          },
          {
            "name": "RHSA-2008:0261",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
          },
          {
            "name": "36486",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36486"
          },
          {
            "name": "HPSBTU02276",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554"
          },
          {
            "name": "DSA-1447",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1447"
          },
          {
            "name": "oval:org.mitre.oval:def:9549",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9549"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
          },
          {
            "name": "20070814 CVE-2007-3385: Handling of \\\" in cookies",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/476444/100/0/threaded"
          },
          {
            "name": "MDKSA-2007:241",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:08:24",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-1453",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1453"
        },
        {
          "name": "RHSA-2007:0950",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0950.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT2163"
        },
        {
          "name": "ADV-2008-1981",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1981/references"
        },
        {
          "name": "3011",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3011"
        },
        {
          "name": "FEDORA-2007-3456",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
        },
        {
          "name": "27267",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27267"
        },
        {
          "name": "29242",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29242"
        },
        {
          "name": "ADV-2007-3527",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3527"
        },
        {
          "name": "26466",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26466"
        },
        {
          "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
        },
        {
          "name": "SUSE-SR:2008:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
        },
        {
          "name": "33668",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33668"
        },
        {
          "name": "ADV-2007-2902",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2902"
        },
        {
          "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
        },
        {
          "name": "tomcat-slashcookie-information-disclosure(35999)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35999"
        },
        {
          "name": "26898",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26898"
        },
        {
          "name": "28361",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28361"
        },
        {
          "name": "IZ55562",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562"
        },
        {
          "name": "SSRT071472",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554"
        },
        {
          "name": "44183",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44183"
        },
        {
          "name": "28317",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28317"
        },
        {
          "name": "APPLE-SA-2008-06-30",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
        },
        {
          "name": "ADV-2009-0233",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0233"
        },
        {
          "name": "SUSE-SR:2009:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-6.html"
        },
        {
          "name": "RHSA-2007:0871",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0871.html"
        },
        {
          "name": "ADV-2007-3386",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3386"
        },
        {
          "name": "30802",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30802"
        },
        {
          "name": "RHSA-2008:0195",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html"
        },
        {
          "name": "27037",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27037"
        },
        {
          "name": "1018557",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018557"
        },
        {
          "name": "25316",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25316"
        },
        {
          "name": "VU#993544",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/993544"
        },
        {
          "name": "SSRT071447",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
        },
        {
          "name": "27727",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27727"
        },
        {
          "name": "HPSBUX02262",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
        },
        {
          "name": "RHSA-2008:0261",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
        },
        {
          "name": "36486",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36486"
        },
        {
          "name": "HPSBTU02276",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554"
        },
        {
          "name": "DSA-1447",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1447"
        },
        {
          "name": "oval:org.mitre.oval:def:9549",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9549"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
        },
        {
          "name": "20070814 CVE-2007-3385: Handling of \\\" in cookies",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/476444/100/0/threaded"
        },
        {
          "name": "MDKSA-2007:241",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2007-3385",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-1453",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1453"
            },
            {
              "name": "RHSA-2007:0950",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0950.html"
            },
            {
              "name": "http://support.apple.com/kb/HT2163",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT2163"
            },
            {
              "name": "ADV-2008-1981",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1981/references"
            },
            {
              "name": "3011",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3011"
            },
            {
              "name": "FEDORA-2007-3456",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
            },
            {
              "name": "27267",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27267"
            },
            {
              "name": "29242",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29242"
            },
            {
              "name": "ADV-2007-3527",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3527"
            },
            {
              "name": "26466",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26466"
            },
            {
              "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
            },
            {
              "name": "SUSE-SR:2008:005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
            },
            {
              "name": "33668",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33668"
            },
            {
              "name": "ADV-2007-2902",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2902"
            },
            {
              "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
            },
            {
              "name": "tomcat-slashcookie-information-disclosure(35999)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35999"
            },
            {
              "name": "26898",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26898"
            },
            {
              "name": "28361",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28361"
            },
            {
              "name": "IZ55562",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562"
            },
            {
              "name": "SSRT071472",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554"
            },
            {
              "name": "44183",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44183"
            },
            {
              "name": "28317",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28317"
            },
            {
              "name": "APPLE-SA-2008-06-30",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
            },
            {
              "name": "ADV-2009-0233",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0233"
            },
            {
              "name": "SUSE-SR:2009:004",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
            },
            {
              "name": "http://tomcat.apache.org/security-6.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-6.html"
            },
            {
              "name": "RHSA-2007:0871",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0871.html"
            },
            {
              "name": "ADV-2007-3386",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3386"
            },
            {
              "name": "30802",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30802"
            },
            {
              "name": "RHSA-2008:0195",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html"
            },
            {
              "name": "27037",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27037"
            },
            {
              "name": "1018557",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018557"
            },
            {
              "name": "25316",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25316"
            },
            {
              "name": "VU#993544",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/993544"
            },
            {
              "name": "SSRT071447",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
            },
            {
              "name": "27727",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27727"
            },
            {
              "name": "HPSBUX02262",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
            },
            {
              "name": "RHSA-2008:0261",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
            },
            {
              "name": "36486",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36486"
            },
            {
              "name": "HPSBTU02276",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554"
            },
            {
              "name": "DSA-1447",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1447"
            },
            {
              "name": "oval:org.mitre.oval:def:9549",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9549"
            },
            {
              "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
              "refsource": "CONFIRM",
              "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
            },
            {
              "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
              "refsource": "CONFIRM",
              "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
            },
            {
              "name": "20070814 CVE-2007-3385: Handling of \\\" in cookies",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/476444/100/0/threaded"
            },
            {
              "name": "MDKSA-2007:241",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-3385",
    "datePublished": "2007-08-14T22:00:00",
    "dateReserved": "2007-06-25T00:00:00",
    "dateUpdated": "2024-08-07T14:14:12.922Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

Vulnerability from csaf_redhat

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags