CVSSv2: 4.3

CVE-2007-1355

Published: 21/05/2007 Updated: 25/03/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 up to and including 4.0.6, 4.1.0 up to and including 4.1.36, 5.0.0 up to and including 5.0.30, 5.5.0 up to and including 5.5.23, and 6.0.0 up to and including 6.0.10 allow remote malicious users to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

Affected Products

Vendor: Apache
Product: Tomcat
Versions: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.1.10, 4.1.15, 4.1.24, 4.1.28, 4.1.31, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 5.0.19, 5.0.21, 5.0.22, 5.0.23, 5.0.24, 5.0.25, 5.0.26, 5.0.27, 5.0.28, 5.0.29, 5.0.30, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10

Exploits

Source: http://www.securityfocus.com/bid/24058/info

Apache Tomcat's documentation web application includes a sample application that is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsusp ...

Mailing Lists

The Tomcat documentation web application includes a sample application that contains multiple cross-site scripting vulnerabilities. Versions affected include Tomcat 4.0.0 to 4.0.6, Tomcat 4.1.0 to 4.1.36, Tomcat 5.0.0 to 5.0.30, Tomcat 5.5.0 to 5.5.23, and Tomcat 6.0.0 to 6.0.10 ...

References

CWE: NVD-CWE-Other

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
http://osvdb.org/34875
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://secunia.com/advisories/27037
http://secunia.com/advisories/27727
http://secunia.com/advisories/30802
http://secunia.com/advisories/30899
http://secunia.com/advisories/30908
http://secunia.com/advisories/31493
http://secunia.com/advisories/33668
http://securityreason.com/securityalert/2722
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
http://support.apple.com/kb/HT2163
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/archive/1/469067/100/0/threaded
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.securityfocus.com/bid/24058
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2008/1979/references
http://www.vupen.com/english/advisories/2008/1981/references
http://www.vupen.com/english/advisories/2009/0233
https://exchange.xforce.ibmcloud.com/vulnerabilities/34377
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6111
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
https://www.rapid7.com/db/vulnerabilities/freebsd-vid-ab2575d6-39f0-11dc-b8cc-000fea449b8a
https://packetstormsecurity.com/files/56883/CVE-2007-1355.txt.html
https://nvd.nist.gov
https://www.exploit-db.com/exploits/30052/
https://www.rapid7.com/db/vulnerabilities/http-tomcat-sample-app-hello-xss