Search for packages
| purl | pkg:rpm/redhat/jbossweb@2.0.0-2.CP01.0jpp.ep1?arch=4 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6p3e-4u8s-17ep
Aliases: CVE-2007-3385 GHSA-6j8f-66vh-39mj |
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. | There are no reported fixed by versions. |
|
VCID-7969-7a8h-zyhh
Aliases: CVE-2007-3382 GHSA-qff8-g48j-pwpw |
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:59:39.297816+00:00 | RedHat Importer | Affected by | VCID-6p3e-4u8s-17ep | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3385.json | 38.0.0 |
| 2026-04-01T14:59:38.396434+00:00 | RedHat Importer | Affected by | VCID-7969-7a8h-zyhh | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3382.json | 38.0.0 |