CVE-2007-1355
EPSS 82.4%Apache Tomcat Vulnerable to Cross-Site Scripting
發布日:2022/5/1修改日:2025/4/9
描述
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
受影響套件(2)
- Maven/org.apache.tomcat:jsp-api>= 4.1.0, < 4.1.37
- Maven/org.apache.tomcat:servlet-api>= 4.1.0, < 4.1.37
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
參考連結(22)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2007-1355
- PATCHhttps://github.com/apache/tomcat
- WEBhttp://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
- WEBhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
- WEBhttp://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2008-0630.html
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/34377
- WEBhttps://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
- WEBhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6111
- WEBhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
- WEBhttp://support.apple.com/kb/HT2163
- WEBhttp://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
- WEBhttps://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
- WEBhttp://tomcat.apache.org/security-4.html
- WEBhttp://tomcat.apache.org/security-5.html
- WEBhttp://tomcat.apache.org/security-6.html
- WEBhttp://www.redhat.com/support/errata/RHSA-2008-0261.html