Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-5333Sensitive Information Exposure in Apache Tomcat

CWE-200Sensitive Information Exposure8 documents7 sources
Severity
5.0MEDIUMNVD
CNA4.3GHSA4.3OSV4.3
EPSS
81.6%
top 0.82%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Tomcat
Timeline
PublishedFeb 12
Latest updateMay 1

Description

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapache/tomcat4.1.04.1.36+2

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
Exposure of Sensitive Information in Apache Tomcat2022-05-01
OSV
Exposure of Sensitive Information in Apache Tomcat2022-05-01
CVEList
CVE-2007-5333: Apache Tomcat 62008-02-12

💥Exploits & PoCs

1
Exploit-DB
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure2008-02-09

📋Vendor Advisories

1
Red Hat
Improve cookie parsing for tomcat52008-02-11

💬Community

2
Bugzilla
CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_5.0]2008-01-10
Bugzilla
CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_4.2]2008-01-10
CVE-2007-5333 — Sensitive Information Exposure | cvebase