9852 matches found
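Apache Tomcat Error Message Reporting Cross-Site Scripting Vulnerability
CVE ID: CVE-2007-3384 CNCVE ID: CNCVE-20073384 Apache Tomcat is a popular open-source JSP application server. Apache Tomcat does not properly filter user-supplied URI data, and remote attackers can exploit the vulnerability to conduct cross-site scripting attacks and obtain sensitive information. When reporting an error message, Tomcat does not properly filter user-supplied data before displaying it, which can lead to cross-site scripting attacks; an attacker can obtain sensitive information by enticing a user to visit. Apache Software Foundation Tomcat 3.3.2 Apache Software Foundation Tomcat 3.3.1 a Apache Softwar...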
CVE-2007-1354
The Access Control functionality JMXOpsAccessControlFilter in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by...
Race condition
The Access Control functionality JMXOpsAccessControlFilter in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by...
CVE-2007-1354
The Access Control functionality JMXOpsAccessControlFilter in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by...
CVE-2007-1354
CVE-2007-1354 affects JBoss Application Server’s JMX Console (JBoss AS 4.0.2 and 4.0.5 before 20070416). The flaw is in JMXOpsAccessControlFilter, which stores the current user’s roles in a member variable, enabling a race condition where a remote authenticated administrator could log in during a...
CVE-2007-4025
Unspecified vulnerability in Sun Java System SJS Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors...
Code injection
Unspecified vulnerability in Sun Java System SJS Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors...
CVE-2007-4025
CVE-2007-4025 affects Sun Java System Application Server (SJS) 8.1–9.0 prior to 20070724 on Windows. It allows remote attackers to obtain JSP source code via unspecified vectors. The connected documents do not specify root cause, explicit exploit method, or a fix/remediation. No remediation detai...
Code injection
Multiple unspecified vulnerabilities in IBM WebSphere Application Server WAS before Fix Pack 21 6.0.2.21 have unknown impact and attack vectors, aka 1 PK33799, or 2 a "Potential security exposure" in the Samples component PK40213...
CVE-2007-3960
Multiple unspecified vulnerabilities in IBM WebSphere Application Server WAS before Fix Pack 21 6.0.2.21 have unknown impact and attack vectors, aka 1 PK33799, or 2 a "Potential security exposure" in the Samples component PK40213...
CVE-2007-3960
CVE-2007-3960 affects IBM WebSphere Application Server 6.0.x before Fix Pack 21 (6.0.2.21). Connected sources indicate multiple vulnerabilities, including at least one where the web container may emit response data intended for a different request after a closed connection error (PK41446) and oth...
CVE-2007-3863
Unspecified vulnerability in Oracle JDeveloper for Application Server 10.1.2.2 and 10.1.3.1, and Collaboration Suite 10.1.2, allows context-dependent attackers to have an unknown impact via custom applications that use JBO.SERVER, aka JDEV02...
Design/Logic Flaw
Unspecified vulnerability in Oracle Jdeveloper in Oracle Application Server 10.1.2.2 and Collaboration Suite 10.1.2 allows context-dependent attackers to have an unknown impact via custom applications that use JBO.KEY, aka JDEV01...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01...
CVE-2007-3859
Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01...
CVE-2007-3861
Unspecified vulnerability in Oracle Jdeveloper in Oracle Application Server 10.1.2.2 and Collaboration Suite 10.1.2 allows context-dependent attackers to have an unknown impact via custom applications that use JBO.KEY, aka JDEV01...
CVE-2007-3862
Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 allows remote attackers to have an unknown impact via Oracle Single Sign On, aka AS01...
Design/Logic Flaw
Unspecified vulnerability in Oracle JDeveloper for Application Server 10.1.2.2 and 10.1.3.1, and Collaboration Suite 10.1.2, allows context-dependent attackers to have an unknown impact via custom applications that use JBO.SERVER, aka JDEV02...
Design/Logic Flaw
Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 allows remote attackers to have an unknown impact via Oracle Single Sign On, aka AS01...
CVE-2007-3861
Unspecified vulnerability in Oracle Jdeveloper in Oracle Application Server 10.1.2.2 and Collaboration Suite 10.1.2 allows context-dependent attackers to have an unknown impact via custom applications that use JBO.KEY, aka JDEV01...