CVE

CVE-2006-7195

Date: (C)2007-05-09   (M)2023-12-22

Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Reference:

http://www.securityfocus.com/archive/1/485938/100/0/threaded

http://www.securityfocus.com/archive/1/500396/100/0/threaded

http://www.securityfocus.com/archive/1/500412/100/0/threaded

SECUNIA-28365

BID-28481

SECUNIA-33668

ADV-2007-1729

ADV-2008-0065

ADV-2009-0233

RHSA-2007:0327

RHSA-2008:0261

http://lists.vmware.com/pipermail/security-announce/2008/000003.html

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

http://tomcat.apache.org/security-5.html

oval:org.mitre.oval:def:10514