Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormMark ThomasPACKETSTORM:58554
HistoryAug 14, 2007 - 12:00 a.m.

CVE-2007-3386.txt

2007-08-1400:00:00
Mark Thomas
packetstormsecurity.com
24

0.004 Low

EPSS

Percentile

72.0%

JSON
`-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
CVE-2007-3386: XSS in Host Manager  
  
Severity:  
Low (Cross-site scripting)  
  
Vendor:  
The Apache Software Foundation  
  
Versions Affected:  
6.0.0 to 6.0.13  
5.5.0 to 5.5.24  
  
Description:  
The Host Manager Servlet does not filter user supplied data before  
display. This enables an XSS attack.  
  
Mitigation:  
Log out (close browser) of the Host Manager application once admin  
tasks are complete  
Upgrade to 6.0.14  
  
Credit:  
This issue was discovered by the NTT OSS CENTER who worked with the  
JPCERT/CC to report the vulnerability.  
  
Example:  
<form action="http://localhost:8080/host-manager/html/add" method="get">  
<input type="hidden" NAME='name' VALUE="aaa">  
<input type="hidden" NAME='aliases' VALUE="<script>alert()</script>">  
<input type="submit">  
</form>  
  
References:  
http://tomcat.apache.org/security.html  
  
  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1.4.7 (MingW32)  
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org  
  
iD8DBQFGwSFyb7IeiTPGAkMRAlgMAKCe0hS+c6so9pxK3KfN7LggWv+3uQCfUsAg  
95+vMfHDJlrKHP/yKUZ0SYc=  
=1pQc  
-----END PGP SIGNATURE-----  
`

Related

prion 1
cve 1
seebug 1
jvn 1
ubuntucve 1
veracode 1
securityvulns 3
nessus 14
redhat 2
centos 1
oraclelinux 1
openvas 18
tomcat 2
osv 1
debian 1
altlinux 1
fedora 5
prion
prion
Cross site scripting
2007-08-14 22:17:00
cve
cve
CVE-2007-3386
2007-08-14 22:17:00
seebug
seebug
Apache Tomcat Host Manager Servletθ·¨η«™θ„šζœ¬ζ‰§θ‘ŒζΌζ΄ž
2007-08-23 00:00:00
jvn
jvn
JVN#59851336 Apache Tomcat Host Manager cross-site scripting vulnerability
2007-08-15 00:00:00
ubuntucve
ubuntucve
CVE-2007-3386
2007-08-14 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2018-11-12 09:08:34
securityvulns
securityvulns
CVE-2007-3386: XSS in Host Manager
2007-08-14 00:00:00
Apache Tomcat multiple security vulnerabilities
2007-08-14 00:00:00
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities &#40;Updated - v1.1&#41;
2009-01-28 00:00:00
nessus
nessus
RHEL 5 : tomcat (RHSA-2007:0871)
2007-09-26 00:00:00
Oracle Linux 5 : tomcat (ELSA-2007-0871)
2013-07-12 00:00:00
CentOS 5 : tomcat (CESA-2007:0871)
2010-01-06 00:00:00
redhat
redhat
(RHSA-2007:0871) Moderate: tomcat security update
2007-09-26 00:00:00
(RHSA-2007:0876) Moderate: tomcat security update
2007-10-11 00:00:00
centos
centos
tomcat5 security update
2007-09-28 08:11:50
oraclelinux
oraclelinux
Moderate: tomcat security update
2007-09-26 00:00:00
openvas
openvas
Oracle Linux Local Check: ELSA-2007-0871
2015-10-08 00:00:00
Debian Security Advisory DSA 1447-1 (tomcat5.5)
2008-01-17 00:00:00
Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)
2009-04-09 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.14
2007-08-13 00:00:00
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
2007-09-08 00:00:00
osv
osv
tomcat5.5 several vulnerabilities
2008-01-03 00:00:00
debian
debian
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
2007-11-17 05:34:43
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03

0.004 Low

EPSS

Percentile

72.0%

JSON
Related for PACKETSTORM:58554
prion1cve1seebug1jvn1ubuntucve1veracode1securityvulns3nessus14redhat2centos1oraclelinux1openvas18tomcat2osv1debian1altlinux1fedora5