CVE-2007-5333
published 2008-02-12
Priority P3 · 43 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 62.58% (99.1th percentile)
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | 4.1.0 – 4.1.36 | — |
| apache | tomcat | 5.5.0 – 5.5.25 | — |
| apache | tomcat | 6.0.0 – 6.0.14 | — |
| vmware | esxi | — | — |
| vmware | vmware_tools | — | — |
| vmware | vmware_vcenter_server | — | — |
| vmware | vmware_vsphere | — | — |
| vmware | vmware_workstation | — | — |
Detection & IOCs
url: http://www.example.com/examples/servlets/servlet/CookieExample?cookiename=test&cookievalue=test%5c%5c%22%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2Fservlets-examples%2Fservlet+%3B
- Detect HTTP requests containing cookie values with double-quote characters (") or encoded backslash sequences (%5C) that may be used to manipulate cookie parsing and leak session IDs.
- Inspect HTTP Cookie headers for malformed quoted values (e.g., unbalanced or embedded double quotes within cookie value fields) as an indicator of exploitation attempts against CVE-2007-5333.
- Monitor requests to Apache Tomcat servlet/cookie example endpoints (e.g., /examples/servlets/servlet/CookieExample) with URL-encoded backslash (%5C) and double-quote (%22) sequences in query parameters, which are characteristic of this exploit.
- Affected versions span Apache Tomcat 4.1.0–4.1.36, 5.5.0–5.5.25, and 6.0.0–6.0.14; this vulnerability is an incomplete fix for CVE-2007-3385, so environments patched only for that prior CVE remain vulnerable.
- This issue exists because of an incomplete fix for CVE-2007-3385; systems believed to be remediated via that earlier fix should be re-evaluated.
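The checks described in the detection items above, sketched as an added example (not code from Tomcat or from any of the cited advisories): it flags Cookie header values with embedded or unbalanced double quotes or backslash/%5C sequences, and query parameters carrying raw %5C or %22. The function names and all sample data are assumptions constructed for illustration.

```python
import re

ENCODED = re.compile(r"%5c|%22", re.IGNORECASE)  # encoded backslash / double quote

def cookie_findings(cookie_header):
    """Return sorted (name, reason) pairs for suspicious values in one Cookie header."""
    findings = set()
    # Naive split on ';' is deliberate: a quote that swallows a ';' then shows up as unbalanced.
    for pair in cookie_header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if not sep:
            continue
        # A well-formed quoted value starts and ends with '"' and has none inside.
        quoted = len(value) >= 2 and value[0] == '"' and value[-1] == '"'
        inner = value[1:-1] if quoted else value
        if '"' in inner:
            findings.add((name, "embedded or unbalanced double quote"))
        if "\\" in inner or "%5c" in inner.lower():
            findings.add((name, "backslash or %5C sequence"))
    return sorted(findings)

def query_findings(request_target):
    """Return names of query parameters whose raw value carries %5C or %22."""
    _, _, query = request_target.partition("?")
    hits = []
    for part in query.split("&"):
        name, _, raw = part.partition("=")
        if ENCODED.search(raw):
            hits.append(name)
    return hits

# Constructed sample data (not taken from real traffic).
SAMPLE_COOKIES = [
    'JSESSIONID=0123456789ABCDEF; theme="dark"',
    'pref="a"b"; JSESSIONID=0123456789ABCDEF',
    'pref=a%5Cb; JSESSIONID=0123456789ABCDEF',
]
SAMPLE_TARGET = "/examples/servlets/servlet/CookieExample?cookiename=test&cookievalue=a%5C%22b"

if __name__ == "__main__":
    for header in SAMPLE_COOKIES:
        print(header, "->", cookie_findings(header))
    print(SAMPLE_TARGET, "->", query_findings(SAMPLE_TARGET))
```

Legitimately quoted values that contain a semicolon will also be reported as unbalanced, so treat hits as leads to review alongside the Tomcat version in use rather than as confirmed exploitation.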
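CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| ghsa | | 4.3 | MEDIUM | |
| osv | | 4.3 | MEDIUM | |
| vendor_redhat | | 4.3 | MEDIUM | |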
GHSA
Exposure of Sensitive Information in Apache Tomcat
ghsa·2022-05-01·CVSS 4.3
CVE-2007-5333 [MEDIUM] CWE-200 Exposure of Sensitive Information in Apache Tomcat
OSV
Exposure of Sensitive Information in Apache Tomcat
osv·2022-05-01·CVSS 4.3
CVE-2007-5333 [MEDIUM] Exposure of Sensitive Information in Apache Tomcat
VMware
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
vendor_vmware·2009-11-20·CVSS 5.0
CVE-2007-2052 [MEDIUM] VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
VMSA-2009-0016: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-
Red Hat
Improve cookie parsing for tomcat5
vendor_redhat·2008-02-11·CVSS 4.3
CVE-2007-5333 [MEDIUM] Improve cookie parsing for tomcat5
Statement: Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333
The Red Hat Product Security has rated this issue as having low security impact; a future update may address this flaw.
Bugzilla
CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_5.0]
bugzilla·2008-01-10·CVSS 4.3
CVE-2007-5333 [MEDIUM] CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_5.0]
rhn_satellite_5.0 tracking bug: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes in the 'blocks' bugs.
For the security issues handling process overview see: http://intranet.corp.redhat.com/ic/intranet/SecurityZStreamFAQ
[bug automatically created by: add-tracking-bugs]
Discussion:
[root@rlx-3-18 RPMS]# ls tomcat5-5.0.30-0jpp_9rh.noarch.rpm
tomcat5-5.0.30-0jpp_9rh.noarch.rpm
[root@rlx-3-18 RPMS]# pwd
/tmp/mnt/RPMS
[root@rlx-3-18 RPMS]#
verified
---
This is not a bug. The real issue that was talked about is actually:
private bug Bugzilla Bug 430731: CVE-2007-5461 CVE-2007-3385 CVE-2007-3382
CVE-2007-1358 CVE-2007-1355 CVE-2007
Bugzilla
CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_4.2]
bugzilla·2008-01-10·CVSS 5.0
CVE-2007-5333 [MEDIUM] CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_4.2]
rhn_satellite_4.2 tracking bug: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes in the 'blocks' bugs.
For the security issues handling process overview see: http://intranet.corp.redhat.com/ic/intranet/SecurityZStreamFAQ
[bug automatically created by: add-tracking-bugs]
Discussion:
Promoted tomcat5-5.0.30-0jpp_10rh.noarch.rpm from support-satellite-5.0-4AS-java
collection, where we fixed it.
---
QA push for 4.2.3 complete: satellite-4.2.3-1 and proxy-4.2.3-1 are
now on webqa. Note that there is _no_ ISO planned for the 4.2.3
release.
Developers, please move your bugs ON_QA.
---
verified in sat 4.2.3 rhel3 & rhel4
---
Even