CVE-2007-3386 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-3386
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-3386

Description: Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/36001 ST 1018558 SREASON http://securityreason.com/securityalert/3010 SAID Secunia Advisory: SA27267 Secunia Advisory: SA27037 Secunia Advisory: SA26898 Secunia Advisory: SA26465 Secunia Advisory: SA27727 Secunia Advisory: SA28317 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0871.html MISC http://jvn.jp/jp/JVN%2359851336/index.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:241 HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1447 CONFIRM http://tomcat.apache.org/security-6.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/476448/100/0/threaded BID 25314

Return to the previous page.