LAC Advisory

SNS Advisory No.97
Apache Tomcat Improper Cookie Handling Session Hijacking Vulnerability

Discovered on: 20 Aug 2007
Released on: 14 Feb 2008


Severity:

Low

Overview:

Apache Tomcat has a session hijacking vulnerability caused by an input validation error in how it handles a specific character within cookie values. Under specific circumstances, exploitation allows an attacker to impersonate an authorized user and gain access to the vulnerable application, from which further attacks can be launched.

Description:

Apache Tomcat is open source software developed under the Jakarta project at the Apache Software Foundation. It is an application server that implements Java Servlet and JavaServer Pages.

Because of an input validation error, Apache Tomcat interprets \ (%5c) within cookie values as a delimiter.

This could allow attackers to launch further attacks, such as session hijacking, by sending malicious cookies to the user's Web browser.
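A detection-side check for the character named in the Description, as an added example that is not code from LAC or the Apache Software Foundation: it flags request cookies whose value contains \ or %5c so they can be reviewed on servers that have not yet been updated. The function names, the record layout and the sample data are assumptions made for illustration.

```python
import re

# The character the advisory names, in raw and percent-encoded form.
_BACKSLASH = re.compile(r"\\|%5c", re.IGNORECASE)


def split_cookie_header(header):
    """Split a request Cookie header into (name, value) pairs.

    Splits on ';' only, so a backslash inside a value stays part of the
    value and can be inspected instead of being treated as a delimiter.
    """
    pairs = []
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        pairs.append((name.strip(), value.strip() if sep else ""))
    return pairs


def flag_backslash_cookies(header):
    """Return the names of cookies whose value contains a backslash or %5c."""
    return [name for name, value in split_cookie_header(header)
            if _BACKSLASH.search(value)]


def scan(records):
    """records: iterable of (client, cookie_header) pairs (hypothetical layout).

    Yields one finding per request that carries a flagged cookie.
    """
    for client, header in records:
        hits = flag_backslash_cookies(header)
        if hits:
            yield {"client": client, "cookies": hits}


# Constructed sample input, not taken from the advisory.
SAMPLE = [
    ("192.0.2.10", "JSESSIONID=0123456789ABCDEF; theme=dark"),
    ("192.0.2.11", "pref=a\\b; JSESSIONID=FEDCBA9876543210"),
    ("192.0.2.12", "track=x%5Cy"),
    ("192.0.2.13", 'lang=en; note="quoted value"'),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A hit is a reason to review the request, not proof of an attack; updating to a fixed release remains the remedy.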

Affected Products and Versions:
Apache Tomcat 4.1.36 and earlier
Apache Tomcat 5.5.25 and earlier
Apache Tomcat 6.0.14 and earlier

Solution:
The vulnerability can be fixed by updating the software to Apache Tomcat 5.5.26/6.0.16 or later.

Note: The fixed source code for Apache Tomcat 4.1.x has been released in the SVN repository by the Apache Software Foundation <http://www.apache.org/>.

http://archive.apache.org/dist/tomcat/

Discovered by:
Yoshihiro Ishikawa (LAC)

Thanks to:

This LAC Advisory is released in coordination with Information-technology Promotion Agency, Japan (IPA) and Japan Computer Emergency Response Team Coordination Center (JPCERT/CC).

http://jvn.jp/jp/JVN%2309470767/index.html
http://jvndb.jvn.jp/contents/ja/2008/JVNDB-2008-000009.html

Disclaimer:

The information contained in this advisory may be revised without prior notice and is provided as is. Users shall take their own risk when taking any actions following reading this advisory. Little eArth Corporation Co., Ltd. shall not be held responsible for any claims, losses or damages caused by the use of information provided here.

 

This advisory is available at the following URL: 

http://www.lac.co.jp/english/advisory/97_e.html
