CVE-2007-3384

Apache Tomcat 3.3-3.3.2 - Cross-Site Scripting via CookieExample Name or Value Field

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.

References (6)

Core 6
Core References
Various Sources x_refsource_confirm
http://tomcat.apache.org/security-3.html
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2971
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/475321/100/0/threaded
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25174
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1018503
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/39035

Scores

EPSS 0.0318
EPSS Percentile 86.6%

Details

Status published
Products (5)
apache/tomcat 3.3
apache/tomcat 3.3.1
apache/tomcat 3.3.1a
apache/tomcat 3.3.2
org.apache.tomcat/tomcat 3.3.0Maven
Published Aug 08, 2007
Tracked Since Feb 18, 2026