CVE-2007-1355

Severity: Medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

References

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6111

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

https://exchange.xforce.ibmcloud.com/vulnerabilities/34377

http://www.vupen.com/english/advisories/2009/0233

http://www.vupen.com/english/advisories/2008/1981/references

http://www.vupen.com/english/advisories/2008/1979/references

http://www.vupen.com/english/advisories/2007/3386

http://www.securityfocus.com/archive/1/500412/100/0/threaded

http://www.securityfocus.com/archive/1/500396/100/0/threaded

http://www.securityfocus.com/archive/1/469067/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2008-0261.html

http://tomcat.apache.org/security-6.html

http://tomcat.apache.org/security-5.html

http://tomcat.apache.org/security-4.html

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

http://support.apple.com/kb/HT2163

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

http://securityreason.com/securityalert/2722

http://secunia.com/advisories/33668

http://secunia.com/advisories/31493

http://secunia.com/advisories/30908

http://secunia.com/advisories/30899

http://secunia.com/advisories/30802

http://secunia.com/advisories/27727

http://secunia.com/advisories/27037

http://rhn.redhat.com/errata/RHSA-2008-0630.html

http://osvdb.org/34875

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

Details

Source: Mitre, NVD

Published: 2007-05-21

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium