Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:2154
HistoryAug 23, 2007 - 12:00 a.m.

Apache Tomcat Host Manager Servlet跨站脚本执行漏洞

2007-08-2300:00:00
Root
www.seebug.org
18

0.004 Low

EPSS

Percentile

72.0%

JSON

BUGTRAQ ID: 25314
CVE(CAN) ID: CVE-2007-3386

Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。

Apache Tomcat实现上存在输入验证漏洞,远程攻击者可能利用引漏洞导致跨站脚本执行。

Apache Tomcat的Host Manager Servlet没有正确地过滤用户输入,如果用户向服务器提交了恶意请求的话就可以执行跨站脚本攻击,导致注入并执行任意HTML和Web脚本。

Apache Group Tomcat 6.0.0 - 6.0.13
Apache Group Tomcat 5.5.0 - 5.5.24
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz” target=“_blank”>http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz</a>


                                                &lt;form action=&quot;http://localhost:8080/host-manager/html/add&quot; method=&quot;get&quot;&gt;
&lt;input type=&quot;hidden&quot; NAME='name' VALUE=&quot;aaa&quot;&gt;
&lt;input type=&quot;hidden&quot;&amp;n

Related

prion 1
cve 1
packetstorm 1
ubuntucve 1
jvn 1
veracode 1
securityvulns 3
nessus 14
redhat 2
centos 1
oraclelinux 1
openvas 18
debian 1
tomcat 2
osv 1
altlinux 1
fedora 5
prion
prion
Cross site scripting
2007-08-14 22:17:00
cve
cve
CVE-2007-3386
2007-08-14 22:17:00
packetstorm
packetstorm
CVE-2007-3386.txt
2007-08-14 00:00:00
ubuntucve
ubuntucve
CVE-2007-3386
2007-08-14 00:00:00
jvn
jvn
JVN#59851336 Apache Tomcat Host Manager cross-site scripting vulnerability
2007-08-15 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2018-11-12 09:08:34
securityvulns
securityvulns
CVE-2007-3386: XSS in Host Manager
2007-08-14 00:00:00
Apache Tomcat multiple security vulnerabilities
2007-08-14 00:00:00
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities &#40;Updated - v1.1&#41;
2009-01-28 00:00:00
nessus
nessus
RHEL 5 : tomcat (RHSA-2007:0871)
2007-09-26 00:00:00
CentOS 5 : tomcat (CESA-2007:0871)
2010-01-06 00:00:00
Oracle Linux 5 : tomcat (ELSA-2007-0871)
2013-07-12 00:00:00
redhat
redhat
(RHSA-2007:0871) Moderate: tomcat security update
2007-09-26 00:00:00
(RHSA-2007:0876) Moderate: tomcat security update
2007-10-11 00:00:00
centos
centos
tomcat5 security update
2007-09-28 08:11:50
oraclelinux
oraclelinux
Moderate: tomcat security update
2007-09-26 00:00:00
openvas
openvas
Oracle Linux Local Check: ELSA-2007-0871
2015-10-08 00:00:00
Debian Security Advisory DSA 1447-1 (tomcat5.5)
2008-01-17 00:00:00
Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)
2009-04-09 00:00:00
debian
debian
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
tomcat
tomcat
Fixed in Apache Tomcat 6.0.14
2007-08-13 00:00:00
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
2007-09-08 00:00:00
osv
osv
tomcat5.5 several vulnerabilities
2008-01-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
2007-11-17 05:34:43
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03

0.004 Low

EPSS

Percentile

72.0%

JSON
Related for SSV:2154
prion1cve1packetstorm1ubuntucve1jvn1veracode1securityvulns3nessus14redhat2centos1oraclelinux1openvas18debian1tomcat2osv1altlinux1fedora5