4.3
CVSSv2

CVE-2007-1355

Published: 21/05/2007 Updated: 21/11/2024

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 up to and including 4.0.6, 4.1.0 up to and including 4.1.36, 5.0.0 up to and including 5.0.30, 5.5.0 up to and including 5.5.23, and 6.0.0 up to and including 6.0.10 allow remote malicious users to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 4.0.0

apache tomcat 4.0.1

apache tomcat 4.0.2

apache tomcat 4.0.3

apache tomcat 4.0.4

apache tomcat 4.0.5

apache tomcat 4.0.6

apache tomcat 4.1.10

apache tomcat 4.1.15

apache tomcat 4.1.24

apache tomcat 4.1.28

apache tomcat 4.1.31

apache tomcat 5.0.1

apache tomcat 5.0.2

apache tomcat 5.0.3

apache tomcat 5.0.4

apache tomcat 5.0.5

apache tomcat 5.0.6

apache tomcat 5.0.7

apache tomcat 5.0.8

apache tomcat 5.0.9

apache tomcat 5.0.10

apache tomcat 5.0.11

apache tomcat 5.0.12

apache tomcat 5.0.13

apache tomcat 5.0.14

apache tomcat 5.0.15

apache tomcat 5.0.16

apache tomcat 5.0.17

apache tomcat 5.0.18

apache tomcat 5.0.19

apache tomcat 5.0.21

apache tomcat 5.0.22

apache tomcat 5.0.23

apache tomcat 5.0.24

apache tomcat 5.0.25

apache tomcat 5.0.26

apache tomcat 5.0.27

apache tomcat 5.0.28

apache tomcat 5.0.29

apache tomcat 5.0.30

apache tomcat 6.0.0

apache tomcat 6.0.1

apache tomcat 6.0.2

apache tomcat 6.0.3

apache tomcat 6.0.4

apache tomcat 6.0.5

apache tomcat 6.0.6

apache tomcat 6.0.7

apache tomcat 6.0.8

apache tomcat 6.0.9

apache tomcat 6.0.10

Exploits

source: wwwsecurityfocuscom/bid/24058/info Apache Tomcat's documentation web application includes a sample application that is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsusp ...
The Tomcat documentation web application includes a sample application that contains multiple cross site scripting vulnerabilities Versions affected include Tomcat 400 to 406, Tomcat 410 to 4136, Tomcat 500 to 5030, Tomcat 550 to 5523, and Tomcat 600 to 6010 ...