Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 up to and including 4.0.6 and 4.1.0 up to and including 4.1.34 allows remote malicious users to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache tomcat |
||
apache tomcat 4.0.0 |
||
apache tomcat 4.0.1 |
||
apache tomcat 4.0.2 |
||
apache tomcat 4.0.3 |
||
apache tomcat 4.0.4 |
||
apache tomcat 4.0.5 |
||
apache tomcat 4.0.6 |
||
apache tomcat 4.1.0 |