Lucene search

[email protected]CVE-2007-1355

HistoryMay 21, 2007 - 8:30 p.m.

CVE-2007-1355

2007-05-2120:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2007

1355

cross-site scripting

xss

tomcat

web application

vulnerability

nvd

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.079 Low

EPSS

Percentile

94.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

CPENameOperatorVersion
apache:tomcatapache tomcateq4.0.4
apache:tomcatapache tomcateq5.0.8
apache:tomcatapache tomcateq5.0.19
apache:tomcatapache tomcateq6.0.6
apache:tomcatapache tomcateq5.0.14
apache:tomcatapache tomcateq4.1.24
apache:tomcatapache tomcateq5.0.22
apache:tomcatapache tomcateq5.0.7
apache:tomcatapache tomcateq6.0.7
apache:tomcatapache tomcateq6.0.4

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	4.0.4
apache:tomcat	apache tomcat	eq	5.0.8
apache:tomcat	apache tomcat	eq	5.0.19
apache:tomcat	apache tomcat	eq	6.0.6
apache:tomcat	apache tomcat	eq	5.0.14
apache:tomcat	apache tomcat	eq	4.1.24
apache:tomcat	apache tomcat	eq	5.0.22
apache:tomcat	apache tomcat	eq	5.0.7
apache:tomcat	apache tomcat	eq	6.0.7
apache:tomcat	apache tomcat	eq	6.0.4

Rows per page:

1-10 of 521

References

community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

osvdb.org/34875

rhn.redhat.com/errata/RHSA-2008-0630.html

secunia.com/advisories/27037

secunia.com/advisories/27727

secunia.com/advisories/30802

secunia.com/advisories/30899

secunia.com/advisories/30908

secunia.com/advisories/31493

secunia.com/advisories/33668

securityreason.com/securityalert/2722

sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

support.apple.com/kb/HT2163

support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

tomcat.apache.org/security-4.html

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

www.redhat.com/support/errata/RHSA-2008-0261.html

www.securityfocus.com/archive/1/469067/100/0/threaded

www.securityfocus.com/archive/1/500396/100/0/threaded

www.securityfocus.com/archive/1/500412/100/0/threaded

www.securityfocus.com/bid/24058

www.vupen.com/english/advisories/2007/3386

www.vupen.com/english/advisories/2008/1979/references

www.vupen.com/english/advisories/2008/1981/references

www.vupen.com/english/advisories/2009/0233

exchange.xforce.ibmcloud.com/vulnerabilities/34377

lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6111

www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.079 Low

EPSS

Percentile

94.2%

JSON

Related for CVE-2007-1355

packetstorm1 openvas20 securityvulns3 veracode1 ubuntucve1 freebsd1 nessus14 tomcat3 prion1 fedora5 altlinux1 redhat3