cbcvebase.
CVE-2007-3382
published 2007-08-14

CVE-2007-3382: Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which…

PriorityP428medium4.3CVSS 2.0
AVNACMAuNCPINAN
EXPLOIT
EPSS
37.50%
98.3th percentile
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Affected

84 ranges· showing 25
VendorProductVersion rangeFixed in
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat

Detection & IOCsextracted from sources · hover to see the quote

urlhttp://www.example.com:8080/examples/servlets/servlet/CookieExample?cookiename=HAHA&cookievalue=%5C%22FOO%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2F%3B
urlhttp://www.example.com:8080/servlets-examples/servlet/CookieExample?cookiename=BLOCKER&cookievalue=%5C%22A%3D%27%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2Fservlets-examples%2Fservlet+%3B
path/examples/servlets/servlet/CookieExample
path/servlets-examples/servlet/CookieExample
  • Look for HTTP requests targeting the Tomcat CookieExample servlet path with cookie values containing URL-encoded single quotes (%27) or backslash-double-quote sequences (%5C%22), which are characteristic of this session ID disclosure exploit.
  • Monitor for requests to /examples/servlets/servlet/CookieExample or /servlets-examples/servlet/CookieExample with manipulated cookievalue parameters, as these are the targeted example servlet endpoints used to demonstrate session ID leakage.
  • Apache Tomcat treats single quotes (') as cookie delimiters in affected versions; inspect Set-Cookie response headers for unexpected single-quote delimited values that may expose session IDs to attackers.
  • ·The vulnerability affects a wide range of Apache Tomcat versions across multiple major branches; ensure version identification is accurate before applying detections, as the fix was introduced in 6.0.14 and 5.5.25.
  • ·The flaw may not be exploitable in isolation; it requires that sensitive data (e.g., session IDs) be present in cookies and that an attacker can observe or inject cookie values. The bug reporter noted 'This may well not be a security issue in itself.'

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
vendor_redhat4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.