CVE-2007-1358 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-1358
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-1358

Description: Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

CVE Status: Candidate

References: SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1 ST 1018269 SAID Secunia Advisory: SA25721 Secunia Advisory: SA26235 Secunia Advisory: SA26660 Secunia Advisory: SA27037 Secunia Advisory: SA27727 Secunia Advisory: SA30908 Secunia Advisory: SA30899 Secunia Advisory: SA31493 REDHAT http://rhn.redhat.com/errata/RHSA-2008-0630.html http://www.redhat.com/support/errata/RHSA-2008-0261.html MISC http://jvn.jp/jp/JVN%2316535199/index.html HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 FEDORA CONFIRM http://tomcat.apache.org/security-4.html http://docs.info.apple.com/article.html?artnum=306172 http://www.fujitsu.com/global/support/software/security/products-f/interstage-200704e.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/471719/100/0/threaded BID 24524 25159 APPLE http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

Return to the previous page.