FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-1358

This CVE name corresponds to:

Entered	Topic
2007-07-24	tomcat -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-1358 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2007-1358
Phase	Assigned(20070308)

Description

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

References

Source	Reference
BUGTRAQ	20070618 [CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing
BUGTRAQ	20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
BUGTRAQ	20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
CONFIRM	http://tomcat.apache.org/security-4.html
CONFIRM	http://docs.info.apple.com/article.html?artnum=306172
CONFIRM	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200704e.html
CONFIRM	http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
CONFIRM	http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
APPLE	APPLE-SA-2007-07-31
FEDORA	FEDORA-2007-3456
HP	HPSBUX02262
HP	SSRT071447
REDHAT	RHSA-2008:0261
REDHAT	RHSA-2008:0630
SUNALERT	239312
JVN	JVN#16535199
BID	24524
BID	25159
OSVDB	34881
OVAL	oval:org.mitre.oval:def:10679
VUPEN	ADV-2007-1729
VUPEN	ADV-2007-2732
VUPEN	ADV-2007-3087
VUPEN	ADV-2007-3386
VUPEN	ADV-2008-1979
VUPEN	ADV-2009-0233
SECTRACK	1018269
SECUNIA	25721
SECUNIA	26235
SECUNIA	26660
SECUNIA	27037
SECUNIA	27727
SECUNIA	30908
SECUNIA	30899
SECUNIA	31493
SECUNIA	33668