2.6

CVE-2007-1358

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Version <= 4.1.31
ApacheTomcat Version4.0.0
ApacheTomcat Version4.0.1
ApacheTomcat Version4.0.2
ApacheTomcat Version4.0.3
ApacheTomcat Version4.0.4
ApacheTomcat Version4.0.5
ApacheTomcat Version4.0.6
ApacheTomcat Version4.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 19.89% 0.971
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
http://tomcat.apache.org/security-4.html
Vendor Advisory
http://secunia.com/advisories/30899
Vendor Advisory
http://secunia.com/advisories/30908
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
http://www.vupen.com/english/advisories/2008/1979/references
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/26235
Vendor Advisory
http://www.securityfocus.com/bid/25159
http://www.vupen.com/english/advisories/2007/2732
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://secunia.com/advisories/26660
Vendor Advisory
http://secunia.com/advisories/27037
Vendor Advisory
http://secunia.com/advisories/33668
Vendor Advisory
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.vupen.com/english/advisories/2007/3087
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2009/0233
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://secunia.com/advisories/31493
Vendor Advisory
http://www.vupen.com/english/advisories/2007/1729
http://jvn.jp/jp/JVN%2316535199/index.html
http://osvdb.org/34881
http://secunia.com/advisories/25721
Vendor Advisory
http://secunia.com/advisories/27727
Vendor Advisory
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200704e.html
http://www.securityfocus.com/archive/1/471719/100/0/threaded
http://www.securityfocus.com/bid/24524
http://www.securitytracker.com/id?1018269
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10679
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html