JVNDB-2008-000009

Apache Tomcat fails to properly handle cookie value

Apache Tomcat from the Apache Software Foundation contains a vulnerability that could allow a remote attacker to coerce a crafted cookie to a user's web browser.

Apache Tomcat from the Apache Software Foundation is a web container that implements both Java Servlets and JavaServer Pages.

The developer reports that this issue exists because of an incomplete fix for CVE-2007-3385.

Apache Software Foundation

• Apache Tomcat 4.1.0 through 4.1.36
• Apache Tomcat 5.5.0 through 5.5.25
• Apache Tomcat 6.0.0 through 6.0.14

VMware

• VMware ESX 4.0
• VMware ESX 3.5
• VMware ESX 3.0.3
• VMware Server 2.x
• VMware vCenter 4.0
• VMware VirtualCenter 2.5
• VMware VirtualCenter 2.0.2

Apple Inc.

• Apple Mac OS X v10.4.11
• Apple Mac OS X Server v10.4.11
• Apple Mac OS X Server v10.5.5

Trend Micro, Inc.

• InterScan Messaging Security Suite 7.x
• TrendMicro InterScan Web Security Suite 3.x
• TrendMicro InterScan Web Security Suite 2.x
• TrendMicro InterScan Messaging Security Appliance 7.x
• TrendMicro InterScan Web Security Appliance 3.x

MIRACLE LINUX CORPORATION

• Asianux Server 2.0
• Asianux Server 2.1
• Asianux Server 3 (x86)
• Asianux Server 3 (x86-64)

Red Hat, Inc.

• Red Hat Enterprise Linux 5 (server)
• Red Hat Enterprise Linux Desktop 5.0 (client)
• Red Hat Enterprise Linux EUS 5.3.z (server)
• RHEL Desktop Workstation 5 (client)

A remote attacker could send a crafted cookie to a user's web browser, which may result in session hijacking.

[Update the Software]
For Apache Tomcat 6.0.x or Apache Tomcat 5.5.x:
Update the software to the latest version according to the information released by the developer.

For Apache Tomcat 4.1.x:
As of February 8, 2008, the Apache Tomcat Project has not yet released the latest version resolving the vulnerability. They report that they will release Apache Tomcat 4.1.37 soon.

For more information, refer to the developer's website.

Apache Software Foundation

• Apache Tomcat : Security Updates
• Apache Tomcat : Apache Tomcat 4.x vulnerabilities
• Apache Tomcat : Apache Tomcat 5.x vulnerabilities
• Apache Tomcat : Apache Tomcat 6.x vulnerabilities

VMware

• VMware Security Advisories : VMSA-2009-0016

Apple Inc.

• Apple Security Updates : HT2163
• Apple Security Updates : HT3216

Trend Micro, Inc.

• Trend Micro ReadMe Documentation : iwss_22_sol_en_patch5_readme
• Trend Micro ReadMe Documentation : imss_70_win32_en_sp1_patch2_readme
• Trend Micro ReadMe Documentation : iwss_31_lx32_en_patch2_readme
• Trend Micro ReadMe Documentation : readme_iwss25_win_patch4_b2060 (Japanese)
• Trend Micro ReadMe Documentation : readme_iwss25_win_patch4_b2060_r2 (Japanese)
• Trend Micro ReadMe Documentation : README_EN_Patch1
• Trend Micro ReadMe Documentation : readme_imss70_lin_sp1_patch1_b3356 (Japanese)
• Trend Micro ReadMe Documentation : imss_70_lx32_en_sp1_patch2_readme
• Trend Micro ReadMe Documentation : imss_70_sol_sp1_patch1_readme
• TrendMicro Support : 2064149 (Japanese)
• TrendMicro Support : 2064436 (Japanese)

MIRACLE LINUX CORPORATION

• Asianux Technical Support Network : tomcat5-5.5.23-0jpp.7.2.1AXS3
• MIRACLE LINUX Update Information : 1253 (Japanese)

Red Hat, Inc.

• Red Hat Security Advisory : RHSA-2009:1164

NEC Corporation

• NEC Security Information : NV08-002 (Japanese)

1. Information Exposure(CWE-200) [NVD Evaluation]

1. CVE-2007-5333

1. JVN : JVN#09470767
2. National Vulnerability Database (NVD) : CVE-2007-5333
3. LAC SNS Advisory : SNS Advisory No.97
4. Secunia Advisory : SA28878
5. SecurityFocus : 27706
6. FrSIRT Advisories : FrSIRT/ADV-2008-0488

• [2008/05/21]
    Web page published
  [2008/07/11]
    Affected Products : Added Apple Inc.(HT2163).
    Vendor Information : Added Apple Inc.(HT2163).
  [2008/11/04]
    Affected Products : Added Apple Inc.(HT3216).
    Vendor Information : Added Apple Inc.(HT3216).
  [2008/12/09]
    Affected Products : Added Trend Micro, Inc.(2064149).
    Vendor Information : Added Trend Micro, Inc.(iwss_22_sol_en_patch5_readme).
    Vendor Information : Added Trend Micro, Inc.(imss_70_win32_en_sp1_patch2_readme).
    Vendor Information : Added Trend Micro, Inc.(2064149).
    Vendor Information : Added Trend Micro, Inc.(2064436).
  [2009/02/17]
    Vendor Information : Added Trend Micro, Inc.(iwss_31_lx32_en_patch2_readme).
  [2009/04/02]
    Vendor Information : Added Trend Micro, Inc.(readme_iwss25_win_patch4_b2060).
  [2009/04/08]
    Vendor Information : Added Trend Micro, Inc.(readme_iwss25_win_patch4_b2060_r2).
  [2009/06/23]
    Vendor Information : Added Trend Micro, Inc.(README_EN_Patch1).
    Vendor Information : Added Trend Micro, Inc.(readme_imss70_lin_sp1_patch1_b3356).
  [2009/06/25]
    Vendor Information : Added Trend Micro, Inc.(imss_70_lx32_en_sp1_patch2_readme).
  [2009/08/17]
    Affected Products : Added Red Hat, Inc. (RHSA-2009:1164).
    Vendor Information : Added Red Hat, Inc. (RHSA-2009:1164).
  [2009/10/08]
    Affected Products : Added MIRACLE LINUX CORPORATION  (tomcat5-5.5.23-0jpp.7.2.1AXS3).
    Vendor Information : Added MIRACLE LINUX CORPORATION  (tomcat5-5.5.23-0jpp.7.2.1AXS3).
  [2010/01/05]
    Affected Products : Added VMware (VMSA-2009-0016).
    Vendor Information : Added VMware (VMSA-2009-0016).
    Vendor Information : Trend Micro, Inc. (imss_70_sol_sp1_patch1_readme).