
CVE-2007-1358
Date: (C)2007-05-09   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 2.6
Exploit Score: 4.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1018269
http://www.securityfocus.com/archive/1/471719/100/0/threaded
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/500412/100/0/threaded
SUNALERT-239312
BID-24524
BID-25159
SECUNIA-25721
SECUNIA-26235
SECUNIA-26660
SECUNIA-27037
SECUNIA-27727
SECUNIA-30899
SECUNIA-30908
SECUNIA-31493
SECUNIA-33668
OSVDB-34881
ADV-2007-1729
ADV-2007-2732
ADV-2007-3087
ADV-2007-3386
ADV-2008-1979
ADV-2009-0233
APPLE-SA-2007-07-31
FEDORA-2007-3456
JVN#16535199
RHSA-2008:0261
RHSA-2008:0630
SSRT071447
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://docs.info.apple.com/article.html?artnum=306172
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://tomcat.apache.org/security-4.html
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200704e.html
oval:org.mitre.oval:def:10679

CPE    9
cpe:/a:apache:tomcat:4.0.3
cpe:/a:apache:tomcat:4.0.2
cpe:/a:apache:tomcat:4.1.0
cpe:/a:apache:tomcat
...
CWE    1
CWE-79

© SecPod Technologies