Lucene search

[email protected]CVE-2007-1358

HistoryMay 10, 2007 - 12:19 a.m.

CVE-2007-1358

2007-05-1000:19:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2007-1358

xss

apache tomcat

vulnerability

nvd

5.3 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.768 High

EPSS

Percentile

98.2%

JSON

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted “Accept-Language headers that do not conform to RFC 2616”.

CPENameOperatorVersion
apache:tomcatapache tomcateq4.0.4
apache:tomcatapache tomcateq4.0.6
apache:tomcatapache tomcateq4.0.3
apache:tomcatapache tomcateq4.0.1
apache:tomcatapache tomcateq4.1.0
apache:tomcatapache tomcateq4.0.2
apache:tomcatapache tomcateq4.0.5
apache:tomcatapache tomcateq4.0.0
apache:tomcatapache tomcatle4.1.31

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	4.0.4
apache:tomcat	apache tomcat	eq	4.0.6
apache:tomcat	apache tomcat	eq	4.0.3
apache:tomcat	apache tomcat	eq	4.0.1
apache:tomcat	apache tomcat	eq	4.1.0
apache:tomcat	apache tomcat	eq	4.0.2
apache:tomcat	apache tomcat	eq	4.0.5
apache:tomcat	apache tomcat	eq	4.0.0
apache:tomcat	apache tomcat	le	4.1.31

References

community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

docs.info.apple.com/article.html?artnum=306172

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

jvn.jp/jp/JVN%2316535199/index.html

lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

osvdb.org/34881

rhn.redhat.com/errata/RHSA-2008-0630.html

secunia.com/advisories/25721

secunia.com/advisories/26235

secunia.com/advisories/26660

secunia.com/advisories/27037

secunia.com/advisories/27727

secunia.com/advisories/30899

secunia.com/advisories/30908

secunia.com/advisories/31493

secunia.com/advisories/33668

sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

tomcat.apache.org/security-4.html

www.fujitsu.com/global/support/software/security/products-f/interstage-200704e.html

www.redhat.com/support/errata/RHSA-2008-0261.html

www.securityfocus.com/archive/1/471719/100/0/threaded

www.securityfocus.com/archive/1/500396/100/0/threaded

www.securityfocus.com/archive/1/500412/100/0/threaded

www.securityfocus.com/bid/24524

www.securityfocus.com/bid/25159

www.securitytracker.com/id?1018269

www.vupen.com/english/advisories/2007/1729

www.vupen.com/english/advisories/2007/2732

www.vupen.com/english/advisories/2007/3087

www.vupen.com/english/advisories/2007/3386

www.vupen.com/english/advisories/2008/1979/references

www.vupen.com/english/advisories/2009/0233

lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10679

www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

5.3 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.768 High

EPSS

Percentile

98.2%

JSON

Related for CVE-2007-1358

tomcat3 securityvulns3 veracode1 nessus16 osv1 ubuntucve1 prion1 github1 jvn1 openvas12 redhat8 freebsd1 centos1 oraclelinux1 altlinux1 fedora5 seebug1