CVE-2007-3382
Published 2007-08-14
Priority P428 · medium · CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Exploit · EPSS: 37.50% (98.3rd percentile)
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
Affected
84 ranges · showing 25 (every listed row is vendor apache, product tomcat, with no version range or fixed-in value recorded)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
Detection & IOCs (extracted from sources)
- URL: http://www.example.com:8080/examples/servlets/servlet/CookieExample?cookiename=HAHA&cookievalue=%5C%22FOO%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2F%3B
- URL: http://www.example.com:8080/servlets-examples/servlet/CookieExample?cookiename=BLOCKER&cookievalue=%5C%22A%3D%27%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2Fservlets-examples%2Fservlet+%3B
- Look for HTTP requests targeting the Tomcat CookieExample servlet path with cookie values containing URL-encoded single quotes (%27) or backslash-double-quote sequences (%5C%22); these are characteristic of the public session ID disclosure demonstration for this issue.
- Monitor for requests to /examples/servlets/servlet/CookieExample or /servlets-examples/servlet/CookieExample with manipulated cookievalue parameters, as these are the example servlet endpoints used to demonstrate session ID leakage.
- Apache Tomcat treats single quotes (') as cookie delimiters in affected versions; inspect Set-Cookie response headers for unexpected single-quote-delimited values that may expose session IDs.
- The vulnerability affects a wide range of Apache Tomcat versions across multiple major branches; ensure version identification is accurate before applying detections, as the fix was introduced in 6.0.14 and 5.5.25.
- The flaw may not be exploitable in isolation: it requires that sensitive data (e.g., session IDs) be present in cookies and that an attacker can observe or inject cookie values. The bug reporter noted, "This may well not be a security issue in itself."
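The two detection notes above (the CookieExample request pattern and the single-quote check on Set-Cookie headers) turned into runnable log-scanning logic. This is an added example written for this page, not a rule from any of the listed sources; the access-log lines are constructed for the demonstration, and the log format assumed is the standard combined format Tomcat's AccessLogValve and Apache httpd produce.

```python
"""Detection helper for the CVE-2007-3382 indicators described on this page.

Check 1: requests to the Tomcat CookieExample servlet whose cookievalue
         parameter carries %27 (single quote) or %5C%22 (backslash + double
         quote) before decoding.
Check 2: Set-Cookie response headers whose value contains a literal single
         quote, which an affected Tomcat treats as a delimiter.

Added example; the sample log lines below are constructed, not real traffic.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Example servlet paths named in the detection notes.
COOKIE_EXAMPLE_PATHS = (
    "/examples/servlets/servlet/CookieExample",
    "/servlets-examples/servlet/CookieExample",
)

# Percent-encoded markers, matched on the raw (undecoded) query string.
RAW_MARKERS = ("%27", "%5C%22", "%5c%22")

# Simplified combined access-log format: client, [timestamp], "METHOD target PROTO", status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def request_indicator(target: str) -> Optional[Dict]:
    """Return a finding for a request target that matches check 1, else None."""
    parts = urlsplit(target)
    if parts.path not in COOKIE_EXAMPLE_PATHS:
        return None
    hits = [m for m in RAW_MARKERS if m in parts.query]
    if not hits:
        return None
    # Decode only after matching, so the encoded markers are what we alert on.
    cookievalue = parse_qs(parts.query).get("cookievalue", [""])[0]
    return {"path": parts.path, "markers": hits, "cookievalue": cookievalue}


def scan_access_log(lines: List[str]) -> List[Dict]:
    """Run check 1 over access-log lines and return one finding per matching request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line; skip rather than guess
        finding = request_indicator(m.group("target"))
        if finding:
            finding["client"] = m.group("client")
            findings.append(finding)
    return findings


def suspicious_set_cookie(header_value: str) -> bool:
    """Check 2: True if the cookie value (before the first ';' attribute) holds a single quote."""
    first_pair = header_value.split(";", 1)[0]
    _, _, value = first_pair.partition("=")
    return "'" in value


# Constructed sample log; the first and last request lines reuse the IOC URLs listed above.
SAMPLE_LOG = [
    '10.0.0.5 - - [14/Aug/2007:10:00:00 +0000] "GET /examples/servlets/servlet/CookieExample?cookiename=HAHA&cookievalue=%5C%22FOO%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2F%3B HTTP/1.1" 200',
    '10.0.0.6 - - [14/Aug/2007:10:00:01 +0000] "GET /examples/servlets/servlet/CookieExample?cookiename=test&cookievalue=hello HTTP/1.1" 200',
    '10.0.0.7 - - [14/Aug/2007:10:00:02 +0000] "GET /index.html HTTP/1.1" 200',
    '10.0.0.8 - - [14/Aug/2007:10:00:03 +0000] "GET /servlets-examples/servlet/CookieExample?cookiename=BLOCKER&cookievalue=%5C%22A%3D%27%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2Fservlets-examples%2Fservlet+%3B HTTP/1.1" 200',
]

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['client']} -> {f['path']} markers={f['markers']} cookievalue={f['cookievalue']!r}")
    print("Set-Cookie with quote flagged:", suspicious_set_cookie("JSESSIONID=abc'def; Path=/"))
```

The benign request to the same servlet (cookievalue=hello) is deliberately included so the rule keys on the encoded markers, not on the path alone, which keeps false positives down on hosts that still ship the example webapps. Check 2 is a response-side complement: it cannot tell you which client triggered the leak, but a single quote inside a session cookie value is unexpected on a patched server.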
CVSS provenance
- NVD (v2.0): 4.3 MEDIUM, AV:N/AC:M/Au:N/C:P/I:N/A:N
- Red Hat (vendor): 4.3 MEDIUM
OSV · 2022-05-01
CVE-2007-3382 [MEDIUM] Apache Tomcat treats single quotes as delimiters in cookies
GHSA · 2022-05-01
CVE-2007-3382 [MEDIUM] CWE-200 Apache Tomcat treats single quotes as delimiters in cookies
Red Hat · 2007-08-14 · CVSS 4.3
CVE-2007-3382 [MEDIUM] tomcat handling of cookies
No detection rules found.
Bugzilla · 2008-01-10 · CVSS 4.3
CVE-2007-5333 [MEDIUM] Improve cookie parsing for tomcat5 [rhn_satellite_5.0]
rhn_satellite_5.0 tracking bug: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes in the 'blocks' bugs.
For the security issues handling process overview see: http://intranet.corp.redhat.com/ic/intranet/SecurityZStreamFAQ
[bug automatically created by: add-tracking-bugs]
Discussion:
```
[root@rlx-3-18 RPMS]# ls tomcat5-5.0.30-0jpp_9rh.noarch.rpm
tomcat5-5.0.30-0jpp_9rh.noarch.rpm
[root@rlx-3-18 RPMS]# pwd
/tmp/mnt/RPMS
[root@rlx-3-18 RPMS]#
```
verified
---
This is not a bug. The real issue that was talked about is actually:
private bug Bugzilla Bug 430731: CVE-2007-5461 CVE-2007-3385 CVE-2007-3382
CVE-2007-1358 CVE-2007-1355 CVE-2007
Bugzilla · 2007-08-24 · CVSS 4.3
CVE-2007-3382 [MEDIUM] CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 tomcat5 various flaws [Fdevel]
Fdevel tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
This is already fixed in 5.5.25. Closing bug.
Bugzilla · 2007-08-24 · CVSS 4.3
CVE-2007-3382 [MEDIUM] CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 tomcat5 various flaws [F7]
F7 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
This is already fixed in 5.5.25. Closing bug.
Bugzilla · 2007-08-24 · CVSS 4.3
CVE-2007-3382 [MEDIUM] CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 tomcat5 various flaws [FC6]
FC6 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Closing this bug, since FC-6 is now unsupported.
Bugzilla · 2007-07-12 · CVSS 4.3
CVE-2007-3382 [MEDIUM] CVE-2007-3382 tomcat handling of cookies
CERT reported to security@tomcat a flaw handling cookies containing a '
character. Tomcat currently treats it as a delimiter. This may well not be a
security issue in itself.
TC 6.0: http://svn.apache.org/viewvc?view=rev&rev=553218
TC 5.5: Affected.
TC 5.0: Affected. (Use $Version=1).
TC 4.1: Like 5.0
additional patch also needed, attached
Issue not yet public
Discussion:
Created attachment 159049
additional patch (also needs svn commit)
---
removing embargo, now public at http://tomcat.apache.org/security-4.html
---
tomcat5-5.5.25-1jpp.1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
---
tomcat5-5.5.25-1jpp.1.fc8 has been pushed to the Fedora 8 stable reposito
References
- http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554
- http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://secunia.com/advisories/26466
- http://secunia.com/advisories/26898
- http://secunia.com/advisories/27037
- http://secunia.com/advisories/27267
- http://secunia.com/advisories/27727
- http://secunia.com/advisories/28317
- http://secunia.com/advisories/28361
- http://secunia.com/advisories/29242
- http://secunia.com/advisories/30802
- http://secunia.com/advisories/33668
- http://secunia.com/advisories/36486
- http://securitytracker.com/id?1018556
- http://support.apple.com/kb/HT2163
- http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
- http://tomcat.apache.org/security-6.html
- http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562
- http://www.debian.org/security/2008/dsa-1447
- http://www.debian.org/security/2008/dsa-1453
- http://www.kb.cert.org/vuls/id/993544
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
- http://www.redhat.com/support/errata/RHSA-2007-0871.html
- http://www.redhat.com/support/errata/RHSA-2007-0950.html
- http://www.redhat.com/support/errata/RHSA-2008-0195.html
- http://www.redhat.com/support/errata/RHSA-2008-0261.html
- http://www.securityfocus.com/archive/1/476442/100/0/threaded
- http://www.securityfocus.com/archive/1/476466/100/0/threaded
- http://www.securityfocus.com/archive/1/500396/100/0/threaded
- http://www.securityfocus.com/archive/1/500412/100/0/threaded
- http://www.securityfocus.com/bid/25316
- http://www.vupen.com/english/advisories/2007/2902
- http://www.vupen.com/english/advisories/2007/3386
- http://www.vupen.com/english/advisories/2007/3527
- http://www.vupen.com/english/advisories/2008/1981/references
- http://www.vupen.com/english/advisories/2009/0233
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36006
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11269
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html