CVE-2007-3384

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.

References

http://www.securityfocus.com/bid/25174

http://www.securityfocus.com/archive/1/475321/100/0/threaded

http://tomcat.apache.org/security-3.html

http://securitytracker.com/id?1018503

http://securityreason.com/securityalert/2971

http://osvdb.org/39035

Details

Source: Mitre, NVD

Published: 2007-08-08

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium