Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
jvnJapan Vulnerability NotesJVN:07100457
HistoryJun 15, 2007 - 12:00 a.m.

JVN#07100457 Apache Tomcat cross-site scripting vulnerability

2007-06-1500:00:00
Japan Vulnerability Notes
jvn.jp
12

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.011 Low

EPSS

Percentile

84.3%

JSON

Apache Tomcat, provided by the Apache Software Foundation, is an implementation of Java Servlets and JavaServer Pages technologies.
Apache Tomcat Web Application Manager contains a cross-site scripting vulnerability.

Impact

When a user logs into Apache Tomcat Web Application Manager, an arbitrary script may be executed on the user’s web browser.

Solution

Update the Software
Apache Tomcat 6.0.x users should update to Apache Tomcat 6.0.14.
For more information, refer to the developer’s website.

Workarounds
This issue can be mitigated by logging out (closing the browser) of Web Application Manager when finished.
When using Apache Tomcat 4.x or 5.x, apply the workaround described above as an update has not been provided by the developer.

Products Affected

  • Apache Tomcat 4.0.0 - 4.0.6
  • Apache Tomcat 4.1.0 - 4.1.36
  • Apache Tomcat 5.0.0 - 5.0.30
  • Apache Tomcat 5.5.0 - 5.5.24
  • Apache Tomcat 6.0.0 - 6.0.13

Related

prion 1
ubuntucve 1
github 1
veracode 1
securityvulns 4
osv 2
cve 1
nessus 19
redhat 4
debian 1
openvas 26
oraclelinux 1
centos 1
tomcat 3
fedora 5
altlinux 1
prion
prion
Cross site scripting
2007-06-14 23:30:00
ubuntucve
ubuntucve
CVE-2007-2450
2007-06-14 00:00:00
github
github
Apache Tomcat vulnerable to Cross-site Scripting
2022-05-01 18:03:36
veracode
veracode
Cross-site Scripting (XSS)
2018-11-13 04:38:10
securityvulns
securityvulns
[Full-disclosure] [CVE-2007-2450]: Apache Tomcat XSS vulnerability in Manager
2007-06-14 00:00:00
Apache Tomcat crossite scripting
2007-06-14 00:00:00
Apache Tomcat multiple security vulnerabilities
2008-02-10 00:00:00
osv
osv
Apache Tomcat vulnerable to Cross-site Scripting
2022-05-01 18:03:36
tomcat5.5
2008-01-20 00:00:00
cve
cve
CVE-2007-2450
2007-06-14 23:30:00
nessus
nessus
CentOS 5 : tomcat (CESA-2007:0569)
2007-07-27 00:00:00
Debian DSA-1468-1 : tomcat5.5 - several vulnerabilities
2008-01-27 00:00:00
Oracle Linux 5 : tomcat (ELSA-2007-0569)
2013-07-12 00:00:00
redhat
redhat
(RHSA-2007:0569) Moderate: tomcat security update
2007-07-17 00:00:00
(RHSA-2007:0876) Moderate: tomcat security update
2007-10-11 00:00:00
(RHSA-2008:0524) Low: Red Hat Network Satellite Server security update
2008-06-30 00:00:00
debian
debian
[SECURITY] [DSA 1468-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-20 15:17:40
openvas
openvas
Debian Security Advisory DSA 1468-1 (tomcat5.5)
2008-01-31 00:00:00
Oracle: Security Advisory (ELSA-2007-0569)
2015-10-08 00:00:00
Debian: Security Advisory (DSA-1468-1)
2008-01-31 00:00:00
oraclelinux
oraclelinux
Moderate: tomcat security update
2007-07-17 00:00:00
centos
centos
tomcat5 security update
2007-07-22 15:57:46
tomcat
tomcat
Fixed in Apache Tomcat 6.0.14
2007-08-13 00:00:00
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
2007-09-08 00:00:00
Fixed in Apache Tomcat 4.1.37
2005-10-06 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
2007-11-17 05:34:43
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
[SECURITY] Fedora 8 Update: tomcat5-5.5.26-1jpp.2.fc8
2008-02-13 05:14:35
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.011 Low

EPSS

Percentile

84.3%

JSON
Related for JVN:07100457
prion1ubuntucve1github1veracode1securityvulns4osv2cve1nessus19redhat4debian1openvas26oraclelinux1centos1tomcat3fedora5altlinux1