Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
tomcatApache TomcatTOMCAT:CAB438FBDD760140423C7697D5982A71
HistoryDec 18, 2006 - 12:00 a.m.

Fixed in Apache Tomcat 6.0.6

2006-12-1800:00:00
Apache Tomcat
tomcat.apache.org
10

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.768 High

EPSS

Percentile

98.2%

JSON

Low: Cross-site scripting CVE-2007-1358

Web pages that display the Accept-Language header value sent by the client are susceptible to a cross-site scripting attack if they assume the Accept-Language header value conforms to RFC 2616. Under normal circumstances this would not be possible to exploit, however older versions of Flash player were known to allow carefully crafted malicious Flash files to make requests with such custom headers. When generating the response for getLocale() and getLocales(), Tomcat now ignores values for Accept-Language headers that do not conform to RFC 2616. Applications that use the raw header values directly should not assume that the headers conform to RFC 2616 and should filter the values appropriately.

Affects: 6.0.0-6.0.5

CPENameOperatorVersion
apache tomcatge6.0.0
apache tomcatle6.0.5

Related

cve 1
securityvulns 3
prion 1
jvn 1
github 1
veracode 1
nessus 16
osv 1
tomcat 2
ubuntucve 1
openvas 12
redhat 8
freebsd 1
centos 1
oraclelinux 1
altlinux 1
fedora 5
seebug 1
cve
cve
CVE-2007-1358
2007-05-10 00:19:00
securityvulns
securityvulns
Apache Tomcat Accept-Language crossite scripting
2007-06-19 00:00:00
[CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing
2007-06-19 00:00:00
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
2009-01-28 00:00:00
prion
prion
Cross site scripting
2007-05-10 00:19:00
jvn
jvn
JVN#16535199: Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability
2007-06-19 00:00:00
github
github
Apache Tomcat XSS In Accept-Language Headers
2022-05-01 17:52:51
veracode
veracode
Cross-site Scripting (XSS)
2018-11-13 06:36:00
nessus
nessus
Apache Tomcat < 6.0.6 Cross-Site Scripting
2019-01-11 00:00:00
Apache Tomcat 4.x < 4.1.36 Multiple Vulnerabilities
2011-11-18 00:00:00
Apache Tomcat 5.x < 5.5.21 Multiple Vulnerabilities
2010-06-11 00:00:00
osv
osv
Apache Tomcat XSS In Accept-Language Headers
2022-05-01 17:52:51
tomcat
tomcat
Fixed in Apache Tomcat 5.5.21, 5.0.SVN
2007-03-08 00:00:00
Fixed in Apache Tomcat 4.1.36
2005-06-30 00:00:00
ubuntucve
ubuntucve
CVE-2007-1358
2007-05-10 00:00:00
openvas
openvas
FreeBSD Ports: apache-tomcat
2008-09-04 00:00:00
Oracle Linux Local Check: ELSA-2007-0327
2015-10-08 00:00:00
Fedora Update for tomcat5 FEDORA-2007-3456
2009-02-27 00:00:00
redhat
redhat
(RHSA-2007:0360) Important: jbossas security update
2007-05-24 00:00:00
(RHSA-2007:0328) Important: tomcat security update
2007-05-24 00:00:00
(RHSA-2007:0327) Important: tomcat security update
2007-05-14 00:00:00
freebsd
freebsd
tomcat -- multiple vulnerabilities
2007-04-27 00:00:00
centos
centos
jakarta, tomcat5 security update
2007-05-14 22:49:09
oraclelinux
oraclelinux
Important: tomcat security update
2007-06-26 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
2007-11-17 05:34:43
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03
seebug
seebug
Mac OS X 2007-007更新修复多个安全漏洞
2007-08-02 00:00:00

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.768 High

EPSS

Percentile

98.2%

JSON
Related for TOMCAT:CAB438FBDD760140423C7697D5982A71
cve1securityvulns3prion1jvn1github1veracode1nessus16osv1tomcat2ubuntucve1openvas12redhat8freebsd1centos1oraclelinux1altlinux1fedora5seebug1