Vulnerability details: VCID-mk2a-kfud-mqff
Vulnerability ID VCID-mk2a-kfud-mqff
Aliases CVE-2007-3382
GHSA-qff8-g48j-pwpw
Summary
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Weaknesses (3)
System Score Found at
generic_textual MODERATE http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
generic_textual MODERATE http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
epss 0.86383 https://api.first.org/data/v1/epss?cve=CVE-2007-3382
apache_tomcat Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/36006
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-qff8-g48j-pwpw
generic_textual MODERATE https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2007-3382
generic_textual MODERATE http://support.apple.com/kb/HT2163
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
generic_textual MODERATE http://tomcat.apache.org/security-6.html
generic_textual MODERATE http://www.debian.org/security/2008/dsa-1447
generic_textual MODERATE http://www.debian.org/security/2008/dsa-1453
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2007-0871.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2007-0950.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2008-0195.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2008-0261.html
Reference id Reference type URL
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3382.json
https://api.first.org/data/v1/epss?cve=CVE-2007-3382
https://exchange.xforce.ibmcloud.com/vulnerabilities/36006
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2007-3382
http://support.apple.com/kb/HT2163
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
http://tomcat.apache.org/security-6.html
http://www.debian.org/security/2008/dsa-1447
http://www.debian.org/security/2008/dsa-1453
http://www.redhat.com/support/errata/RHSA-2007-0871.html
http://www.redhat.com/support/errata/RHSA-2007-0950.html
http://www.redhat.com/support/errata/RHSA-2008-0195.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
247972 https://bugzilla.redhat.com/show_bug.cgi?id=247972
CVE-2007-3382 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382
CVE-2007-3382;OSVDB-37070 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/30496.txt
CVE-2007-3382;OSVDB-37070 Exploit https://www.securityfocus.com/bid/25316/info
GHSA-qff8-g48j-pwpw https://github.com/advisories/GHSA-qff8-g48j-pwpw
RHSA-2007:0871 https://access.redhat.com/errata/RHSA-2007:0871
RHSA-2007:0876 https://access.redhat.com/errata/RHSA-2007:0876
RHSA-2007:0950 https://access.redhat.com/errata/RHSA-2007:0950
RHSA-2007:1069 https://access.redhat.com/errata/RHSA-2007:1069
RHSA-2008:0195 https://access.redhat.com/errata/RHSA-2008:0195
Data source Exploit-DB
Date added Aug. 14, 2007
Description Apache Tomcat 6.0.13 - Insecure Cookie Handling Quote Delimiter Session ID Disclosure
Ransomware campaign use Known
Source publication date Aug. 14, 2007
Exploit type remote
Platform multiple
Source update date Dec. 25, 2013
Source URL https://www.securityfocus.com/bid/25316/info
Exploit Prediction Scoring System (EPSS)
Percentile 0.99364
EPSS Score 0.86383
Published At Aug. 8, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:03:28.712553+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-6.html 37.0.0