Description
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
SUSE Security Advisories:
- SUSE-SR:2008:005, published Thu, 06 Mar 2008 13:00:00 +0000
- SUSE-SR:2009:004, published Tue, 17 Feb 2009 10:00:00 +0000
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 15:32:39 2013
CVE page last modified: Fri Oct 7 12:45:37 2022