4.3
CVE-2006-7195
- EPSS 5.48%
- Veröffentlicht 10.05.2007 00:19:00
- Zuletzt bearbeitet 16.06.2026 22:34:33
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.48% | 0.917 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://lists.vmware.com/pipermail/security-announce/2008/000003.html
http://secunia.com/advisories/28365
http://secunia.com/advisories/33668
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://tomcat.apache.org/security-5.html
http://www.redhat.com/support/errata/RHSA-2007-0327.html
http://www.securityfocus.com/archive/1/485938/100/0/threaded
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.vupen.com/english/advisories/2008/0065
http://www.vupen.com/english/advisories/2009/0233
http://www.securityfocus.com/bid/28481
http://www.vupen.com/english/advisories/2007/1729
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10514