CVE-2007-3384
Apache Tomcat 3.3-3.3.2 - Cross-Site Scripting via CookieExample Name or Value Field
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
http://tomcat.apache.org/security-3.html
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2971
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/475321/100/0/threaded
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25174
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1018503
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/39035
Scores
EPSS
0.0318
EPSS Percentile
86.6%
Details
Status
published
Products (5)
apache/tomcat
3.3
apache/tomcat
3.3.1
apache/tomcat
3.3.1a
apache/tomcat
3.3.2
org.apache.tomcat/tomcat
3.3.0Maven
Published
Aug 08, 2007
Tracked Since
Feb 18, 2026