FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-1355

This CVE name corresponds to:

Entered Topic
2007-07-24 tomcat -- XSS vulnerability in sample applications

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-1355 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-1355
Phase Assigned(20070308)

Description

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

References

Source Reference
BUGTRAQ 20070519 [CVE-2007-1355] Tomcat documentation XSS vulnerabilities
CONFIRM http://tomcat.apache.org/security-4.html
CONFIRM http://tomcat.apache.org/security-5.html
CONFIRM http://tomcat.apache.org/security-6.html
CONFIRM http://support.apple.com/kb/HT2163
APPLE APPLE-SA-2008-06-30
FEDORA FEDORA-2007-3456
HP HPSBUX02262
HP SSRT071447
REDHAT RHSA-2008:0261
SUNALERT 239312
BID 24058
FRSIRT ADV-2007-3386
FRSIRT ADV-2008-1981
FRSIRT ADV-2008-1979
SECUNIA 27037
SECUNIA 27727
SECUNIA 30802
SECUNIA 30908
SECUNIA 30899
SREASON 2722
XF tomcat-hello-xss(34377)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.