CVE-2007-3383

Apache Tomcat 4.0.0-4.0.6 and 4.1.0-4.1.36 - Cross-Site Scripting via SendMailServlet From Field

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.

References (16)

Core 16
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/39000
Patch x_refsource_confirm
http://tomcat.apache.org/security-4.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT2163
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1981/references
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/474413/100/0/threaded
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30802
Patch, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/862600
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2918
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24999
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2618
Patch mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2007/Jul/0448.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35536

Scores

EPSS 0.0948
EPSS Percentile 94.9%

Details

Status published
Products (18)
apache/tomcat 4.0.0
apache/tomcat 4.0.1
apache/tomcat 4.0.2
apache/tomcat 4.0.3
apache/tomcat 4.0.4
apache/tomcat 4.0.5
apache/tomcat 4.0.6
apache/tomcat 4.1.0
apache/tomcat 4.1.1
apache/tomcat 4.1.2
... and 8 more
Published Jul 25, 2007
Tracked Since Feb 18, 2026