VulnerableCode Package Details - pkg:rpm/redhat/tomcat5@5.5.23-0jpp.3.0.2?arch=el5

Search for packages

Vulnerability	Summary	Fixed by
VCID-6p3e-4u8s-17ep Aliases: CVE-2007-3385 GHSA-6j8f-66vh-39mj	Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.	There are no reported fixed by versions.
VCID-7969-7a8h-zyhh Aliases: CVE-2007-3382 GHSA-qff8-g48j-pwpw	Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.	There are no reported fixed by versions.
VCID-su1y-2bxh-9qe2 Aliases: CVE-2007-3386	Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-6p3e-4u8s-17ep
Aliases:
CVE-2007-3385
GHSA-6j8f-66vh-39mj

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

There are no reported fixed by versions.

VCID-7969-7a8h-zyhh
Aliases:
CVE-2007-3382
GHSA-qff8-g48j-pwpw

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

There are no reported fixed by versions.

VCID-su1y-2bxh-9qe2
Aliases:
CVE-2007-3386

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:59:39.758496+00:00	RedHat Importer	Affected by	VCID-su1y-2bxh-9qe2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3386.json	38.0.0
2026-04-01T14:59:39.621305+00:00	RedHat Importer	Affected by	VCID-6p3e-4u8s-17ep	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3385.json	38.0.0
2026-04-01T14:59:38.711569+00:00	RedHat Importer	Affected by	VCID-7969-7a8h-zyhh	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3382.json	38.0.0