CVE-2007-1358

Apache Tomcat < 4.1.31 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

References (38)

[Various Sources] http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

[Vendor Advisory] http://docs.info.apple.com/article.html?artnum=306172

[Vendor Advisory] http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

[Third Party Advisory] http://jvn.jp/jp/JVN%2316535199/index.html

[Mailing List] http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

[Third Party Advisory, VDB Entry] http://osvdb.org/34881

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2008-0630.html

[Vendor Advisory] http://secunia.com/advisories/25721

[Vendor Advisory] http://secunia.com/advisories/26235

[Vendor Advisory] http://secunia.com/advisories/26660

[Vendor Advisory] http://secunia.com/advisories/27037

[Vendor Advisory] http://secunia.com/advisories/27727

[Vendor Advisory] http://secunia.com/advisories/30899

[Vendor Advisory] http://secunia.com/advisories/30908

[Vendor Advisory] http://secunia.com/advisories/31493

[Vendor Advisory] http://secunia.com/advisories/33668

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

[Various Sources] http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

[Vendor Advisory] http://tomcat.apache.org/security-4.html

[Various Sources] http://www.fujitsu.com/global/support/software/security/products-f/interstage-200704e.html

... and 18 more

Scores

EPSS 0.3986

EPSS Percentile 97.3%

Classification

CWE

CWE-79

Status draft

Affected Products (10)

apache/tomcat < 4.1.31

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

org.apache.tomcat/tomcat Maven

Timeline

Published May 10, 2007

Tracked Since Feb 18, 2026