CVE-2007-3385
Apache Tomcat Mishandles Character Sequence in Cookies
EPSS 74.7%
Description
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the `\"` character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
How to fix CVE-2007-3385
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Maven/org.apache.tomcat:tomcat—no fix listed
Is CVE-2007-3385 being exploited?
Likely — EPSS is 74.7%, placing CVE-2007-3385 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- >= 6.0.0, <= 6.0.13