CVE-2007-3386

Apache Tomcat - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by NTT OSS CENTER · htmlremotemultiple

https://www.exploit-db.com/exploits/30495

View Code ZIP pw:eip

References (31)

[Third Party Advisory, VDB Entry] http://osvdb.org/36417

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

[Third Party Advisory] http://secunia.com/advisories/27267

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/3527

[Third Party Advisory] http://jvn.jp/jp/JVN%2359851336/index.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36001

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25314

[Third Party Advisory] http://secunia.com/advisories/26465

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/500412/100/0/threaded

[Third Party Advisory] http://secunia.com/advisories/33668

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/500396/100/0/threaded

[Third Party Advisory] http://secunia.com/advisories/26898

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1018558

[Third Party Advisory] http://securityreason.com/securityalert/3010

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/2880

[Vendor Advisory] http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554

[Third Party Advisory] http://secunia.com/advisories/28317

[Third Party Advisory] http://www.vupen.com/english/advisories/2009/0233

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

[Patch] http://tomcat.apache.org/security-6.html

... and 11 more

Scores

EPSS 0.7378

EPSS Percentile 98.8%

Details

CWE

CWE-79

Status published

Products (39)

apache/tomcat 5.5.0

apache/tomcat 5.5.1

apache/tomcat 5.5.2

apache/tomcat 5.5.3

apache/tomcat 5.5.4

apache/tomcat 5.5.5

apache/tomcat 5.5.6

apache/tomcat 5.5.7

apache/tomcat 5.5.8

apache/tomcat 5.5.9

... and 29 more

Published Aug 14, 2007

Tracked Since Feb 18, 2026