The previous fix for Tomcat vulnerability CVE-2007-3385 was incomplete. It did not consider the use of quotes or %5C within a cookie value.
Credit:
The information has been provided by Mark Thomas.
The original article can be found at: http://tomcat.apache.org/security.html
Vulnerable Systems:
* Tomcat version 4.1.0 up to 4.1.36
* Tomcat version 5.5.0 up to 5.5.25
* Tomcat version 6.0.0 up to 6.0.14
Immune Systems:
* Tomcat version 6.0.16
* Tomcat version 5.5.26
* Tomcat version 4.1.x from latest SVN
Example:
+++
GET /myapp/MyCookies HTTP/1.1
Host: localhost
Cookie: name="val " ue"
Cookie: name1=moi
+++
http://example:8080/examples/servlets/servlet/CookieExample?cookiename=test&cookievalue=test%5c%5c%22%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2Fservlets-examples%2Fservlet+%3B
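
A request-side check for the inputs shown in the example, added here as an illustration (it is not Tomcat code and not part of the original advisory): it validates cookie values against the RFC 6265 cookie-value grammar, which excludes quotes, backslashes, semicolons and whitespace. The function names are hypothetical; the sample inputs are the advisory's own example request and URL.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# RFC 6265 cookie-octet: printable ASCII except space, '"', ',', ';' and '\'.
_OCTET = r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]"
# cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
_VALUE = re.compile(rf'(?:{_OCTET}*|"{_OCTET}*")\Z')

# Sample inputs copied from the advisory's example.
SAMPLE_REQUEST = (
    "GET /myapp/MyCookies HTTP/1.1\r\n"
    "Host: localhost\r\n"
    'Cookie: name="val " ue"\r\n'
    "Cookie: name1=moi\r\n\r\n"
)
SAMPLE_URL = (
    "http://example:8080/examples/servlets/servlet/CookieExample"
    "?cookiename=test&cookievalue=test%5c%5c%22%3B+Expires%3DThu%2C+1+Jan+2009"
    "+00%3A00%3A01+UTC%3B+Path%3D%2Fservlets-examples%2Fservlet+%3B"
)

def is_valid_cookie_value(value: str) -> bool:
    """True if value is a bare or fully quoted run of cookie-octets."""
    return _VALUE.match(value) is not None

def bad_request_cookies(raw_request: str):
    """Return (name, value) pairs from Cookie headers that fail the grammar."""
    findings = []
    for line in raw_request.splitlines():
        field, _, rest = line.partition(":")
        if field.strip().lower() != "cookie":
            continue
        for pair in rest.split(";"):
            name, sep, value = pair.strip().partition("=")
            if sep and not is_valid_cookie_value(value):
                findings.append((name, value))
    return findings

def bad_query_values(url: str):
    """Return query parameters whose decoded value must not be copied into a cookie."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [(k, v) for k, v in params if not is_valid_cookie_value(v)]

if __name__ == "__main__":
    for name, value in bad_request_cookies(SAMPLE_REQUEST):
        print(f"Cookie header: {name!r} has invalid value {value!r}")
    for name, value in bad_query_values(SAMPLE_URL):
        print(f"Query parameter: {name!r} decodes to {value!r}")
```

The check works on the percent-decoded query value, so %5C and %22 are caught in the same way as literal backslashes and quotes.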
CVE Information:
CVE-2007-5333