admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2007/CVE-2007-53xx/CVE-2007-5333.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

474 lines
13 KiB
JSON
Raw Blame History

{
"id": "CVE-2007-5333",
"sourceIdentifier": "secalert@redhat.com",
"published": "2008-02-12T01:00:00.000",
"lastModified": "2023-11-07T02:01:14.510",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385."
},
{
"lang": "es",
"value": "Apache Tomcat 6.0.0 hasta 6.0.14, 5.5.0 hasta 5.5.25, 4.1.36 y 4.1.0 al no manejar adecuadamente secuencias (1) caracteres de dobles comillas (\") o (2) secuencias de contrabarra codificadas %5C en un valor de cookie, podr\u00eda provocar que informaci\u00f3n sensible como los IDs de sesi\u00f3n sean filtradas a atacantes remotos, as\u00ed como habilitar ataques de secuestro de sesi\u00f3n.\r\nNOTA: este problema existe debido a una arreglo erroneo de CVE-2007-3385."
}
],
"vendorComments": [
{
"organization": "Red Hat",
"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.",
"lastModified": "2008-04-24T00:00:00"
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndIncluding": "4.1.36",
"matchCriteriaId": "E458C818-F9FA-4D48-8D70-D284138BB7F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5.0",
"versionEndIncluding": "5.5.25",
"matchCriteriaId": "8B9A1E54-7B84-4ECE-88ED-B28AA9A4EA6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.14",
"matchCriteriaId": "0BBB0739-1784-432E-BF78-3E120A11EE56"
}
]
}
]
}
],
"references": [
{
"url": "http://jvn.jp/jp/JVN%2309470767/index.html",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/28878",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/28884",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/28915",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/29711",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/30676",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/30802",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/32036",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/32222",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/33330",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/37460",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/44183",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/57126",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://security.gentoo.org/glsa/glsa-200804-10.xml",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://securityreason.com/securityalert/3636",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://support.apple.com/kb/HT2163",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://support.apple.com/kb/HT3216",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://tomcat.apache.org/security-4.html",
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://tomcat.apache.org/security-5.html",
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://tomcat.apache.org/security-6.html",
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24018932",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27012047",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27012048",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20133",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20991",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:018",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/archive/1/487822/100/0/threaded",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/bid/27706",
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/bid/31681",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.vupen.com/english/advisories/2008/0488",
"source": "secalert@redhat.com",
"tags": [
"URL Repurposed"
]
},
{
"url": "http://www.vupen.com/english/advisories/2008/1856/references",
"source": "secalert@redhat.com",
"tags": [
"URL Repurposed"
]
},
{
"url": "http://www.vupen.com/english/advisories/2008/1981/references",
"source": "secalert@redhat.com",
"tags": [
"URL Repurposed"
]
},
{
"url": "http://www.vupen.com/english/advisories/2008/2690",
"source": "secalert@redhat.com",
"tags": [
"URL Repurposed"
]
},
{
"url": "http://www.vupen.com/english/advisories/2008/2780",
"source": "secalert@redhat.com",
"tags": [
"URL Repurposed"
]
},
{
"url": "http://www.vupen.com/english/advisories/2009/3316",
"source": "secalert@redhat.com",
"tags": [
"URL Repurposed"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=532111",
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11177",
"source": "secalert@redhat.com",
"tags": [
"Tool Signature"
]
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink