CVE-2007-5333
mediumCVSS v3 Base Score
5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS Score
81.6%
Exploitation probability in 30 days
Top 1% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None
Published: February 12, 2008 (6723 days ago)
Last Modified: April 23, 2026
Vendor: Apache
Source: NVD
Vulnerability Report
Generated by CyberWatcher
Description
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
CWE
CWE-200Affected Products
apache tomcat