CVE-2007-3385: Apache Tomcat Cookie 敏感信息泄露漏洞

获取后续新漏洞提醒登录后订阅

一、漏洞 CVE-2007-3385 基础信息

漏洞信息

对漏洞内容有疑问？看看神龙的深度分析是否有帮助！

查看神龙十问 ↗

尽管我们使用了先进的大模型技术，但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性，但请您根据实际情况进行核实和判断。

漏洞

N/A

来源: 美国国家漏洞数据库 NVD

漏洞信息

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

来源: 美国国家漏洞数据库 NVD

漏洞信息

N/A

来源: 美国国家漏洞数据库 NVD

漏洞

N/A

来源: 美国国家漏洞数据库 NVD

漏洞

Apache Tomcat Cookie 敏感信息泄露漏洞

来源: 中国国家信息安全漏洞库 CNNVD

漏洞信息

Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat没有正确地处理Cookie值中的字符序列，且错误地将Cookie值中的单引号处理为分隔符，在某些情况下，这可能导致泄露敏感信息，如会话ID。

来源: 中国国家信息安全漏洞库 CNNVD

漏洞信息

N/A

来源: 中国国家信息安全漏洞库 CNNVD

漏洞

N/A

来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商	产品	影响版本	CPE	订阅
-	n/a	n/a	-

二、漏洞 CVE-2007-3385 的公开POC

#	POC 描述	源链接	神龙链接

AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2007-3385 的情报信息

第登录三、漏洞 %(cve_id)s 的情报信息

http://tomcat.apache.org/security-6.htmlx_refsource_CONFIRM
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540x_refsource_CONFIRM
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspxx_refsource_CONFIRM
http://support.apple.com/kb/HT2163x_refsource_CONFIRM
http://securityreason.com/securityalert/3011third-party-advisoryx_refsource_SREASON
http://secunia.com/advisories/29242third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/36486third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/28361third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/28317third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27727third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/26898third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27267third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27037third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/25316vdb-entryx_refsource_BID
http://secunia.com/advisories/33668third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/26466third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/30802third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/44183third-party-advisoryx_refsource_SECUNIA
http://securitytracker.com/id?1018557vdb-entryx_refsource_SECTRACK
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562vendor-advisoryx_refsource_AIXAPAR
http://www.debian.org/security/2008/dsa-1447vendor-advisoryx_refsource_DEBIAN
http://www.debian.org/security/2008/dsa-1453vendor-advisoryx_refsource_DEBIAN
http://www.kb.cert.org/vuls/id/993544third-party-advisoryx_refsource_CERT-VN
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554vendor-advisoryx_refsource_HP
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2007/3527vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/0233vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/3386vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2902vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/1981/referencesvdb-entryx_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2008-0195.htmlvendor-advisoryx_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2007-0871.htmlvendor-advisoryx_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241vendor-advisoryx_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2007-0950.htmlvendor-advisoryx_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2008-0261.htmlvendor-advisoryx_refsource_REDHAT
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.htmlvendor-advisoryx_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlvendor-advisoryx_refsource_SUSE
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.htmlvendor-advisoryx_refsource_APPLE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9549vdb-entrysignaturex_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/35999vdb-entryx_refsource_XF
http://www.securityfocus.com/archive/1/476444/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/500396/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
http://www.securityfocus.com/archive/1/500412/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2007-3385

新漏洞

产品: n/a

厂商: n/a

四、漏洞 CVE-2007-3385 的评论

暂无评论

支持本站 — 捐款将帮助我们持续运营

一、漏洞 CVE-2007-3385 基础信息

漏洞信息

漏洞

漏洞信息

漏洞信息

漏洞

漏洞

漏洞信息

漏洞信息

漏洞

受影响产品

二、漏洞 CVE-2007-3385 的公开POC

三、漏洞 CVE-2007-3385 的情报信息

新漏洞

四、漏洞 CVE-2007-3385 的评论

发表评论

支持本站 — 捐款将帮助我们持续运营

一、 漏洞 CVE-2007-3385 基础信息

漏洞信息

漏洞

漏洞信息

漏洞信息

漏洞

漏洞

漏洞信息

漏洞信息

漏洞

受影响产品

二、漏洞 CVE-2007-3385 的公开POC

三、漏洞 CVE-2007-3385 的情报信息

新漏洞

四、漏洞 CVE-2007-3385 的评论

发表评论

一、漏洞 CVE-2007-3385 基础信息