Lucene search

[email protected]CVE-2007-1355

HistoryMay 21, 2007 - 8:30 p.m.

CVE-2007-1355

2007-05-2120:30:00

[email protected]

web.nvd.nist.gov

cve

2007

1355

cross-site scripting

xss

tomcat

web application

vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

8 High

AI Score

Confidence

High

0.103 Low

EPSS

Percentile

95.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

Affected configurations

NVD

Node

apachetomcatMatch4.0.0

apachetomcatMatch4.0.1

apachetomcatMatch4.0.2

apachetomcatMatch4.0.3

apachetomcatMatch4.0.4

apachetomcatMatch4.0.5

apachetomcatMatch4.0.6

apachetomcatMatch4.1.10

apachetomcatMatch4.1.15

apachetomcatMatch4.1.24

apachetomcatMatch4.1.28

apachetomcatMatch4.1.31

apachetomcatMatch5.0.1

apachetomcatMatch5.0.2

apachetomcatMatch5.0.3

apachetomcatMatch5.0.4

apachetomcatMatch5.0.5

apachetomcatMatch5.0.6

apachetomcatMatch5.0.7

apachetomcatMatch5.0.8

apachetomcatMatch5.0.9

apachetomcatMatch5.0.10

apachetomcatMatch5.0.11

apachetomcatMatch5.0.12

apachetomcatMatch5.0.13

apachetomcatMatch5.0.14

apachetomcatMatch5.0.15

apachetomcatMatch5.0.16

apachetomcatMatch5.0.17

apachetomcatMatch5.0.18

apachetomcatMatch5.0.19

apachetomcatMatch5.0.21

apachetomcatMatch5.0.22

apachetomcatMatch5.0.23

apachetomcatMatch5.0.24

apachetomcatMatch5.0.25

apachetomcatMatch5.0.26

apachetomcatMatch5.0.27

apachetomcatMatch5.0.28

apachetomcatMatch5.0.29

apachetomcatMatch5.0.30

apachetomcatMatch6.0.0

apachetomcatMatch6.0.1

apachetomcatMatch6.0.2

apachetomcatMatch6.0.3

apachetomcatMatch6.0.4

apachetomcatMatch6.0.5

apachetomcatMatch6.0.6

apachetomcatMatch6.0.7

apachetomcatMatch6.0.8

apachetomcatMatch6.0.9

apachetomcatMatch6.0.10

CPENameOperatorVersion
apache:tomcatapache tomcateq4.0.0
apache:tomcatapache tomcateq4.0.1
apache:tomcatapache tomcateq4.0.2
apache:tomcatapache tomcateq4.0.3
apache:tomcatapache tomcateq4.0.4
apache:tomcatapache tomcateq4.0.5
apache:tomcatapache tomcateq4.0.6
apache:tomcatapache tomcateq4.1.10
apache:tomcatapache tomcateq4.1.15
apache:tomcatapache tomcateq4.1.24

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	4.0.0
apache:tomcat	apache tomcat	eq	4.0.1
apache:tomcat	apache tomcat	eq	4.0.2
apache:tomcat	apache tomcat	eq	4.0.3
apache:tomcat	apache tomcat	eq	4.0.4
apache:tomcat	apache tomcat	eq	4.0.5
apache:tomcat	apache tomcat	eq	4.0.6
apache:tomcat	apache tomcat	eq	4.1.10
apache:tomcat	apache tomcat	eq	4.1.15
apache:tomcat	apache tomcat	eq	4.1.24

Rows per page:

1-10 of 521

References

community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

osvdb.org/34875

rhn.redhat.com/errata/RHSA-2008-0630.html

secunia.com/advisories/27037

secunia.com/advisories/27727

secunia.com/advisories/30802

secunia.com/advisories/30899

secunia.com/advisories/30908

secunia.com/advisories/31493

secunia.com/advisories/33668

securityreason.com/securityalert/2722

sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

support.apple.com/kb/HT2163

support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

tomcat.apache.org/security-4.html

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

www.redhat.com/support/errata/RHSA-2008-0261.html

www.securityfocus.com/archive/1/469067/100/0/threaded

www.securityfocus.com/archive/1/500396/100/0/threaded

www.securityfocus.com/archive/1/500412/100/0/threaded

www.securityfocus.com/bid/24058

www.vupen.com/english/advisories/2007/3386

www.vupen.com/english/advisories/2008/1979/references

www.vupen.com/english/advisories/2008/1981/references

www.vupen.com/english/advisories/2009/0233

exchange.xforce.ibmcloud.com/vulnerabilities/34377

lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6111

www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

8 High

AI Score

Confidence

High

0.103 Low

EPSS

Percentile

95.0%

JSON

Related for CVE-2007-1355

openvas20 nessus14 cvelist1 packetstorm1 ubuntucve1 veracode1 freebsd1 securityvulns3 nvd1 prion1 tomcat3 fedora5 altlinux1 redhat3