lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Aug 2007 23:28:21 -0400 From: Mark Thomas <markt@...che.org> To: Tomcat Users List <users@...cat.apache.org>, Tomcat Developers List <dev@...cat.apache.org>, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Cc: "CERT\(R\) Coordination Center" <cert@...t.org> Subject: CVE-2007-3382: Handling of cookies containing a ' character -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-3382: Handling of cookies containing a ' character Severity: Low (Session Hi-jacking) Vendor: The Apache Software Foundation Versions Affected: 6.0.0 to 6.0.13 5.5.0 to 5.5.24 5.0.0 to 5.0.30 4.1.0 to 4.1.36 3.3 to 3.3.2 Description: Tomcat incorrectly treats a single quote character (') in a cookie value as a delimiter. In some circumstances this can lead to the leaking of information such as session ID to an attacker. Mitigation: Upgrade to 6.0.14 Credit: This issue was discovered by Tomasz Kuczynski, Poznan Supercomputing and Networking Center, who worked with the CERT/CC to report the vulnerability. Example: http://localost:8080/servlets-examples/servlet/CookieExample?cookiename=BLOCKER&cookievalue=%5C%22A%3D%27%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2Fservlets-examples%2Fservlet+%3B References: http://tomcat.apache.org/security.html Mark Thomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGwSFVb7IeiTPGAkMRAjkwAKDnu+C08WRZazmZfzunFeHcitsvnACg3CtP 6c6FCxbFOcfxhqqayg8kdUI= =MkDj -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists