Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2007-5944
HistoryNov 14, 2007 - 1:46 a.m.

CVE-2007-5944

2007-11-1401:46:00
CWE-79
[email protected]
web.nvd.nist.gov
1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.971 High

EPSS

Percentile

99.8%

JSON

Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are insufficient details to be sure.

Affected configurations

NVD
Node
ibmwebsphere_application_serverMatch5.1.1.4
OR
ibmwebsphere_application_serverMatch5.1.1.5
OR
ibmwebsphere_application_serverMatch5.1.1.6
OR
ibmwebsphere_application_serverMatch5.1.1.7
OR
ibmwebsphere_application_serverMatch5.1.1.8
OR
ibmwebsphere_application_serverMatch5.1.1.9
OR
ibmwebsphere_application_serverMatch5.1.1.10
OR
ibmwebsphere_application_serverMatch5.1.1.11
OR
ibmwebsphere_application_serverMatch5.1.1.12
OR
ibmwebsphere_application_serverMatch5.1.1.13
OR
ibmwebsphere_application_serverMatch5.1.1.14
OR
ibmwebsphere_application_serverMatch5.1.1.15
OR
ibmwebsphere_application_serverMatch5.1.1.16

Related

cve 3
prion 2
nessus 12
cvelist 3
packetstorm 2
centos 3
checkpoint_advisories 1
f5 2
ubuntucve 2
httpd 1
debiancve 2
oraclelinux 1
redhat 2
nvd 2
openvas 13
seebug 1
exploitpack 1
debian 1
exploitdb 1
osv 1
suse 2
ubuntu 1
cve
cve
CVE-2007-5944
2007-11-14 01:46:00
CVE-2006-3918
2006-07-28 00:04:00
CVE-2007-6203
2007-12-03 22:46:00
prion
prion
Cross site scripting
2007-11-14 01:46:00
Cross site scripting
2007-12-03 22:46:00
nessus
nessus
Web Server Expect Header XSS
2006-08-23 00:00:00
CentOS 4 : apache (CESA-2006:0618)
2013-06-29 00:00:00
F5 Networks BIG-IP : Apache HTTP Expect header handling (SOL6669)
2014-10-10 00:00:00
cvelist
cvelist
CVE-2007-5944
2007-11-14 01:00:00
CVE-2006-3918
2006-07-28 00:00:00
CVE-2007-6203
2007-12-03 22:00:00
packetstorm
packetstorm
ProCheckUp Security Advisory 2007.37
2007-12-02 00:00:00
Oracle HTTP Server Header Cross Site Scripting
2011-06-14 00:00:00
centos
centos
httpd, mod_ssl security update
2006-08-24 16:29:11
apache security update
2006-08-08 23:33:33
httpd, mod_ssl security update
2006-08-10 22:42:31
checkpoint_advisories
checkpoint_advisories
Apache HTTP Server Header Injection Cross-Site Scripting (CVE-2006-3918)
2014-03-17 00:00:00
f5
f5
K6669 : Apache HTTP Expect header handling
2013-03-19 00:00:00
SOL6669 - Apache HTTP Expect header handling
2007-05-16 00:00:00
ubuntucve
ubuntucve
CVE-2006-3918
2006-07-27 00:00:00
CVE-2007-6203
2007-12-03 00:00:00
httpd
httpd
Apache Httpd < 1.3.35 : Expect header Cross-Site Scripting
2006-05-01 00:00:00
debiancve
debiancve
CVE-2006-3918
2006-07-28 00:04:00
CVE-2007-6203
2007-12-03 22:46:00
oraclelinux
oraclelinux
Moderate httpd security update
2006-11-30 00:00:00
redhat
redhat
(RHSA-2006:0619) httpd security update
2006-08-10 00:00:00
(RHSA-2006:0618) apache security update
2006-08-08 00:00:00
nvd
nvd
CVE-2006-3918
2006-07-28 00:04:00
CVE-2007-6203
2007-12-03 22:46:00
openvas
openvas
Debian: Security Advisory (DSA-1167-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 1167-1 (apache)
2008-01-17 00:00:00
SLES9: Security update for apache2,apache2-prefork,apache2-worker
2009-10-10 00:00:00
seebug
seebug
Oracle HTTP Server - XSS Header Injection
2014-07-01 00:00:00
exploitpack
exploitpack
Oracle HTTP Server - Cross-Site Scripting Header Injection
2011-06-13 00:00:00
debian
debian
[SECURITY] [DSA 1167-1] New apache packages fix several vulnerabilities
2006-09-04 15:08:06
exploitdb
exploitdb
Oracle HTTP Server - Cross-Site Scripting Header Injection
2011-06-13 00:00:00
osv
osv
apache - missing input sanitising
2006-09-04 00:00:00
suse
suse
cryptographic problems in apache2
2006-09-08 14:34:17
cross site scripting in apache2,apache
2008-04-04 16:29:16
ubuntu
ubuntu
Apache vulnerabilities
2008-02-04 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.971 High

EPSS

Percentile

99.8%

JSON
Related for NVD:CVE-2007-5944
cve3prion2nessus12cvelist3packetstorm2centos3checkpoint_advisories1f52ubuntucve2httpd1debiancve2oraclelinux1redhat2nvd2openvas13seebug1exploitpack1debian1exploitdb1osv1suse2ubuntu1