CVE-2007-3382 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2007-3382 Interim 1 5 2023-12-09T02:14:10Z current 2021-05-30T12:39:18Z 2023-12-09T02:14:10Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2007-3382 Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LMTVE4EZQNOFAC75PBBXSBZFINGTVNEL/#LMTVE4EZQNOFAC75PBBXSBZFINGTVNEL E-Mail link for SUSE-SR:2008:005 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BPPEFMFC7GCUUZ5CIPX7VFYKXZCRGT5N/#BPPEFMFC7GCUUZ5CIPX7VFYKXZCRGT5N E-Mail link for SUSE-SR:2009:004 https://www.suse.com/support/security/rating/ SUSE Security Ratings Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks. CVE-2007-3382 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N