[Japanese]

JVNDB-2008-000009

Apache Tomcat fails to properly handle cookie value

Overview

Apache Tomcat from the Apache Software Foundation contains a vulnerability that could allow a remote attacker to coerce a crafted cookie to a user's web browser.

Apache Tomcat from the Apache Software Foundation is a web container that implements both Java Servlets and JavaServer Pages.

The developer reports that this issue exists because of an incomplete fix for CVE-2007-3385.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Apache Software Foundation
  • Apache Tomcat 4.1.0 through 4.1.36
  • Apache Tomcat 5.5.0 through 5.5.25
  • Apache Tomcat 6.0.0 through 6.0.14
VMware
  • VMware ESX 4.0
  • VMware ESX 3.5
  • VMware ESX 3.0.3
  • VMware Server 2.x
  • VMware vCenter 4.0
  • VMware VirtualCenter 2.5
  • VMware VirtualCenter 2.0.2
Apple Inc.
  • Apple Mac OS X v10.4.11
  • Apple Mac OS X Server v10.4.11
  • Apple Mac OS X Server v10.5.5
Trend Micro, Inc.
  • InterScan Messaging Security Suite 7.x
  • TrendMicro InterScan Web Security Suite 3.x
  • TrendMicro InterScan Web Security Suite 2.x
  • TrendMicro InterScan Messaging Security Appliance 7.x
  • TrendMicro InterScan Web Security Appliance 3.x
MIRACLE LINUX CORPORATION
  • Asianux Server 2.0
  • Asianux Server 2.1
  • Asianux Server 3 (x86)
  • Asianux Server 3 (x86-64)
Red Hat, Inc.
  • Red Hat Enterprise Linux 5 (server)
  • Red Hat Enterprise Linux Desktop 5.0 (client)
  • Red Hat Enterprise Linux EUS 5.3.z (server)
  • RHEL Desktop Workstation 5 (client)

Impact

A remote attacker could send a crafted cookie to a user's web browser, which may result in session hijacking.
Solution

[Update the Software]
For Apache Tomcat 6.0.x or Apache Tomcat 5.5.x:
Update the software to the latest version according to the information released by the developer.

For Apache Tomcat 4.1.x:
As of February 8, 2008, the Apache Tomcat Project has not yet released the latest version resolving the vulnerability. They report that they will release Apache Tomcat 4.1.37 soon.

For more information, refer to the developer's website.
Vendor Information

Apache Software Foundation VMware Apple Inc.
  • Apple Security Updates : HT2163
  • Apple Security Updates : HT3216
Trend Micro, Inc. MIRACLE LINUX CORPORATION Red Hat, Inc. NEC Corporation
  • NEC Security Information : NV08-002 (Japanese)
CWE (What is CWE?)

  1. Information Exposure(CWE-200) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2007-5333
References

  1. JVN : JVN#09470767
  2. National Vulnerability Database (NVD) : CVE-2007-5333
  3. LAC SNS Advisory : SNS Advisory No.97
  4. Secunia Advisory : SA28878
  5. SecurityFocus : 27706
  6. FrSIRT Advisories : FrSIRT/ADV-2008-0488
Revision History

  • [2008/05/21]
      Web page published
    [2008/07/11]
      Affected Products : Added Apple Inc.(HT2163).
      Vendor Information : Added Apple Inc.(HT2163).
    [2008/11/04]
      Affected Products : Added Apple Inc.(HT3216).
      Vendor Information : Added Apple Inc.(HT3216).
    [2008/12/09]
      Affected Products : Added Trend Micro, Inc.(2064149).
      Vendor Information : Added Trend Micro, Inc.(iwss_22_sol_en_patch5_readme).
      Vendor Information : Added Trend Micro, Inc.(imss_70_win32_en_sp1_patch2_readme).
      Vendor Information : Added Trend Micro, Inc.(2064149).
      Vendor Information : Added Trend Micro, Inc.(2064436).
    [2009/02/17]
      Vendor Information : Added Trend Micro, Inc.(iwss_31_lx32_en_patch2_readme).
    [2009/04/02]
      Vendor Information : Added Trend Micro, Inc.(readme_iwss25_win_patch4_b2060).
    [2009/04/08]
      Vendor Information : Added Trend Micro, Inc.(readme_iwss25_win_patch4_b2060_r2).
    [2009/06/23]
      Vendor Information : Added Trend Micro, Inc.(README_EN_Patch1).
      Vendor Information : Added Trend Micro, Inc.(readme_imss70_lin_sp1_patch1_b3356).
    [2009/06/25]
      Vendor Information : Added Trend Micro, Inc.(imss_70_lx32_en_sp1_patch2_readme).
    [2009/08/17]
      Affected Products : Added Red Hat, Inc. (RHSA-2009:1164).
      Vendor Information : Added Red Hat, Inc. (RHSA-2009:1164).
    [2009/10/08]
      Affected Products : Added MIRACLE LINUX CORPORATION  (tomcat5-5.5.23-0jpp.7.2.1AXS3).
      Vendor Information : Added MIRACLE LINUX CORPORATION  (tomcat5-5.5.23-0jpp.7.2.1AXS3).
    [2010/01/05]
      Affected Products : Added VMware (VMSA-2009-0016).
      Vendor Information : Added VMware (VMSA-2009-0016).
      Vendor Information : Trend Micro, Inc. (imss_70_sol_sp1_patch1_readme).