Vulnerability in N/a
CVE-2007-5333
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information…
EPSS: 0.816 (99.2th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- ADV-2008-2690 (vdb-entry, x_refsource_VUPEN)
- 33330 (x_refsource_SECUNIA, third-party-advisory)
- tomcat.apache.org/security-4.html (x_refsource_CONFIRM)
- support.apple.com/kb/HT2163 (x_refsource_CONFIRM)
- 30676 (x_refsource_SECUNIA, third-party-advisory)
- 27706 (vdb-entry, x_refsource_BID)
- 3636 (x_refsource_SREASON, third-party-advisory)
- JVN#09470767 (x_refsource_JVN, third-party-advisory)
- ADV-2008-1981 (vdb-entry, x_refsource_VUPEN)
- IZ20133 (vendor-advisory, x_refsource_AIXAPAR)