FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-1358

This CVE name corresponds to:

Entered Topic
2007-07-24 tomcat -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-1358 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-1358
Phase Assigned(20070308)

Description

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

References

Source Reference
BUGTRAQ 20070618 [CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing
MISC http://jvn.jp/jp/JVN%2316535199/index.html
CONFIRM http://tomcat.apache.org/security-4.html
CONFIRM http://docs.info.apple.com/article.html?artnum=306172
CONFIRM http://www.fujitsu.com/global/support/software/security/products-f/interstage-200704e.html
APPLE APPLE-SA-2007-07-31
FEDORA FEDORA-2007-3456
HP HPSBUX02262
HP SSRT071447
REDHAT RHSA-2008:0261
SUNALERT 239312
BID 24524
BID 25159
FRSIRT ADV-2007-1729
FRSIRT ADV-2007-2732
FRSIRT ADV-2007-3087
FRSIRT ADV-2007-3386
FRSIRT ADV-2008-1979
SECTRACK 1018269
SECUNIA 25721
SECUNIA 26235
SECUNIA 26660
SECUNIA 27037
SECUNIA 27727
SECUNIA 30908
SECUNIA 30899

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.