CVSS2: AV:N/AC:M/Au:N/C:N/I:P/A:N

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AI Score Confidence: High

EPSS Percentile: 95.0%

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
Vendor | Product | Version | CPE |
---|---|---|---|
apache | tomcat | 4.0.0 | cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:* |
apache | tomcat | 4.0.1 | cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:* |
apache | tomcat | 4.0.2 | cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:* |
apache | tomcat | 4.0.3 | cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:* |
apache | tomcat | 4.0.4 | cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:* |
apache | tomcat | 4.0.5 | cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:* |
apache | tomcat | 4.0.6 | cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:* |
apache | tomcat | 4.1.10 | cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:* |
apache | tomcat | 4.1.15 | cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:* |
apache | tomcat | 4.1.24 | cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:* |
community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
osvdb.org/34875
rhn.redhat.com/errata/RHSA-2008-0630.html
secunia.com/advisories/27037
secunia.com/advisories/27727
secunia.com/advisories/30802
secunia.com/advisories/30899
secunia.com/advisories/30908
secunia.com/advisories/31493
secunia.com/advisories/33668
securityreason.com/securityalert/2722
sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
support.apple.com/kb/HT2163
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
tomcat.apache.org/security-4.html
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
www.redhat.com/support/errata/RHSA-2008-0261.html
www.securityfocus.com/archive/1/469067/100/0/threaded
www.securityfocus.com/archive/1/500396/100/0/threaded
www.securityfocus.com/archive/1/500412/100/0/threaded
www.securityfocus.com/bid/24058
www.vupen.com/english/advisories/2007/3386
www.vupen.com/english/advisories/2008/1979/references
www.vupen.com/english/advisories/2008/1981/references
www.vupen.com/english/advisories/2009/0233
exchange.xforce.ibmcloud.com/vulnerabilities/34377
lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6111
www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html