CVE-2007-1355

Apache Tomcat < 4.1.37 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Ferruh Mavituna · text · remote · multiple
https://www.exploit-db.com/exploits/30052

References (34)

... and 14 more

Scores

EPSS 0.8429
EPSS Percentile 99.3%

Details

Status published
Products (50)
apache/tomcat 4.0.0
apache/tomcat 4.0.1
apache/tomcat 4.0.2
apache/tomcat 4.0.3
apache/tomcat 4.0.4
apache/tomcat 4.0.5
apache/tomcat 4.0.6
apache/tomcat 4.1.10
apache/tomcat 4.1.15
apache/tomcat 4.1.24
... and 40 more
Published May 21, 2007
Tracked Since Feb 18, 2026