FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-1355

This CVE name corresponds to:

Entered	Topic
2007-07-24	tomcat -- XSS vulnerability in sample applications

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-1355 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2007-1355
Phase	Assigned(20070308)

Description

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

References

Source	Reference
BUGTRAQ	20070519 [CVE-2007-1355] Tomcat documentation XSS vulnerabilities
BUGTRAQ	20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
BUGTRAQ	20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
CONFIRM	http://tomcat.apache.org/security-4.html
CONFIRM	http://tomcat.apache.org/security-5.html
CONFIRM	http://tomcat.apache.org/security-6.html
CONFIRM	http://support.apple.com/kb/HT2163
CONFIRM	http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
CONFIRM	http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
APPLE	APPLE-SA-2008-06-30
FEDORA	FEDORA-2007-3456
HP	HPSBUX02262
HP	SSRT071447
REDHAT	RHSA-2008:0261
REDHAT	RHSA-2008:0630
SUNALERT	239312
BID	24058
OSVDB	34875
OVAL	oval:org.mitre.oval:def:6111
VUPEN	ADV-2007-3386
VUPEN	ADV-2008-1981
VUPEN	ADV-2008-1979
VUPEN	ADV-2009-0233
SECUNIA	27037
SECUNIA	27727
SECUNIA	30802
SECUNIA	30908
SECUNIA	30899
SECUNIA	31493
SECUNIA	33668
SREASON	2722
XF	tomcat-hello-xss(34377)