4.3

CVE-2007-1355

Exploit

EPSS 82.98%
Veröffentlicht 21.05.2007 20:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 37

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version4.0.0

Apache ≫ Tomcat Version4.0.1

Apache ≫ Tomcat Version4.0.2

Apache ≫ Tomcat Version4.0.3

Apache ≫ Tomcat Version4.0.4

Apache ≫ Tomcat Version4.0.5

Apache ≫ Tomcat Version4.0.6

Apache ≫ Tomcat Version4.1.10

Apache ≫ Tomcat Version4.1.15

Apache ≫ Tomcat Version4.1.24

Apache ≫ Tomcat Version4.1.28

Apache ≫ Tomcat Version4.1.31

Apache ≫ Tomcat Version5.0.1

Apache ≫ Tomcat Version5.0.2

Apache ≫ Tomcat Version5.0.3

Apache ≫ Tomcat Version5.0.4

Apache ≫ Tomcat Version5.0.5

Apache ≫ Tomcat Version5.0.6

Apache ≫ Tomcat Version5.0.7

Apache ≫ Tomcat Version5.0.8

Apache ≫ Tomcat Version5.0.9

Apache ≫ Tomcat Version5.0.10

Apache ≫ Tomcat Version5.0.11

Apache ≫ Tomcat Version5.0.12

Apache ≫ Tomcat Version5.0.13

Apache ≫ Tomcat Version5.0.14

Apache ≫ Tomcat Version5.0.15

Apache ≫ Tomcat Version5.0.16

Apache ≫ Tomcat Version5.0.17

Apache ≫ Tomcat Version5.0.18

Apache ≫ Tomcat Version5.0.19

Apache ≫ Tomcat Version5.0.21

Apache ≫ Tomcat Version5.0.22

Apache ≫ Tomcat Version5.0.23

Apache ≫ Tomcat Version5.0.24

Apache ≫ Tomcat Version5.0.25

Apache ≫ Tomcat Version5.0.26

Apache ≫ Tomcat Version5.0.27

Apache ≫ Tomcat Version5.0.28

Apache ≫ Tomcat Version5.0.29

Apache ≫ Tomcat Version5.0.30

Apache ≫ Tomcat Version6.0.0

Apache ≫ Tomcat Version6.0.1

Apache ≫ Tomcat Version6.0.2

Apache ≫ Tomcat Version6.0.3

Apache ≫ Tomcat Version6.0.4

Apache ≫ Tomcat Version6.0.5

Apache ≫ Tomcat Version6.0.6

Apache ≫ Tomcat Version6.0.7

Apache ≫ Tomcat Version6.0.8

Apache ≫ Tomcat Version6.0.9

Apache ≫ Tomcat Version6.0.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	82.98%	0.992

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

http://tomcat.apache.org/security-4.html

http://secunia.com/advisories/30899

http://secunia.com/advisories/30908

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

http://www.vupen.com/english/advisories/2008/1979/references

http://www.redhat.com/support/errata/RHSA-2008-0261.html

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

http://secunia.com/advisories/27037

http://secunia.com/advisories/33668

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

http://tomcat.apache.org/security-5.html

http://tomcat.apache.org/security-6.html

http://www.securityfocus.com/archive/1/500396/100/0/threaded

http://www.securityfocus.com/archive/1/500412/100/0/threaded

http://www.vupen.com/english/advisories/2007/3386

http://www.vupen.com/english/advisories/2009/0233

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

http://secunia.com/advisories/30802

http://support.apple.com/kb/HT2163

http://www.vupen.com/english/advisories/2008/1981/references

http://rhn.redhat.com/errata/RHSA-2008-0630.html

http://secunia.com/advisories/31493

http://secunia.com/advisories/27727

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

http://osvdb.org/34875

http://securityreason.com/securityalert/2722

http://www.securityfocus.com/archive/1/469067/100/0/threaded

http://www.securityfocus.com/bid/24058

Patch

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/34377

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6111

https://nvd.nist.gov/vuln/detail/CVE-2007-1355

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1355

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1355

EUVD