CVE-2007-3383
Apache Tomcat 4.0.0-4.0.6 and 4.1.0-4.1.36 - Cross-Site Scripting via SendMailServlet From Field
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
References (16)
Core 16
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/39000
Patch x_refsource_confirm
http://tomcat.apache.org/security-4.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT2163
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1981/references
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/474413/100/0/threaded
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30802
Patch, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/862600
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2918
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24999
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2618
Patch mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2007/Jul/0448.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35536
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
Scores
EPSS
0.0948
EPSS Percentile
94.9%
Details
Status
published
Products (18)
apache/tomcat
4.0.0
apache/tomcat
4.0.1
apache/tomcat
4.0.2
apache/tomcat
4.0.3
apache/tomcat
4.0.4
apache/tomcat
4.0.5
apache/tomcat
4.0.6
apache/tomcat
4.1.0
apache/tomcat
4.1.1
apache/tomcat
4.1.2
... and 8 more
Published
Jul 25, 2007
Tracked Since
Feb 18, 2026