PublicDate: 2008-02-12 01:00:00 UTC
Candidate: CVE-2007-5333
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333
Description:
 Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through
 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C
 (encoded backslash) sequences in a cookie value, which might cause sensitive
 information such as session IDs to be leaked to remote attackers and enable
 session hijacking attacks. NOTE: this issue exists because of an incomplete
 fix for CVE-2007-3385.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/tomcat5.5/+bug/220540
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465645
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_tomcat5:
upstream_tomcat5: needs-triage
dapper_tomcat5: ignored (reached end-of-life)
edgy_tomcat5: needed (reached end-of-life)
feisty_tomcat5: needed (reached end-of-life)
gutsy_tomcat5: DNE
hardy_tomcat5: DNE
intrepid_tomcat5: DNE
jaunty_tomcat5: DNE
karmic_tomcat5: DNE
lucid_tomcat5: DNE
maverick_tomcat5: DNE
natty_tomcat5: DNE
oneiric_tomcat5: DNE
devel_tomcat5: DNE

Patches_tomcat5.5:
upstream_tomcat5.5: released (5.5.26)
dapper_tomcat5.5: DNE
edgy_tomcat5.5: needed (reached end-of-life)
feisty_tomcat5.5: needed (reached end-of-life)
gutsy_tomcat5.5: needed (reached end-of-life)
hardy_tomcat5.5: ignored (reached end-of-life)
intrepid_tomcat5.5: not-affected (5.5.26-3ubuntu3)
jaunty_tomcat5.5: not-affected (5.5.26-5ubuntu1)
karmic_tomcat5.5: DNE
lucid_tomcat5.5: DNE
maverick_tomcat5.5: DNE
natty_tomcat5.5: DNE
oneiric_tomcat5.5: DNE
devel_tomcat5.5: DNE