CVE-2007-3386

Apache Tomcat - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by NTT OSS CENTER · htmlremotemultiple

https://www.exploit-db.com/exploits/30495

View Code ZIP pw:eip

References (31)

[Various Sources] http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

[Vendor Advisory] http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

[Vendor Advisory] http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554

[Third Party Advisory] http://jvn.jp/jp/JVN%2359851336/index.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

[Third Party Advisory, VDB Entry] http://osvdb.org/36417

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1018558

[Various Sources] http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

[Patch] http://tomcat.apache.org/security-6.html

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2007:241

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2007-0871.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36001

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/476448/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/500396/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/500412/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25314

[Third Party Advisory] http://www.debian.org/security/2008/dsa-1447

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10077

[Third Party Advisory] http://secunia.com/advisories/26465

... and 11 more

Scores

EPSS 0.6996

EPSS Percentile 98.6%

Classification

CWE

CWE-79

Status draft

Affected Products (39)

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

... and 24 more

Timeline

Published Aug 14, 2007

Tracked Since Feb 18, 2026