DescriptionApache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SR:2008:005, published Thu, 06 Mar 2008 13:00:00 +0000
- SUSE-SR:2009:004, published Tue, 17 Feb 2009 10:00:00 +0000
SUSE Timeline for this CVECVE page created: Tue Jul 9 15:32:48 2013
CVE page last modified: Fri Oct 7 12:45:37 2022