CVE-2007-3386

Apache Tomcat 5.5.0-5.5.24 and 6.0.0-6.0.13 - Cross-Site Scripting via Host Manager Servlet Aliases Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3386. PoCs published by NTT OSS CENTER.

AI-analyzed exploit summary: The public exploit demonstrates a reflected cross-site scripting (XSS) flaw in Apache Tomcat's Host Manager Servlet. A script payload placed in the aliases parameter of the html/add action is echoed back into the HTML response without sanitization, so it executes in the browser of the user who submits the request. Because the Host Manager is only reachable by an authenticated user, the realistic target is an administrator who is tricked into submitting a crafted form. The flaw was fixed in Tomcat 5.5.25 and 6.0.14.

Description

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
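The pattern behind the description above, as an added illustration that is not Tomcat's own source: a request parameter (here the aliases value submitted to the html/add action) concatenated unescaped into the HTML response, beside the hardened form that HTML-escapes it first. The class, the method names, the escaping helper and the name parameter are assumptions made for this example; Tomcat's real servlet code and the exact upstream fix are not reproduced.

```java
// Added illustration, not Tomcat's code: how a reflected XSS of the kind
// described for the Host Manager Servlet's "aliases" parameter arises, and
// the usual fix. The render methods and escapeHtml are hypothetical.
public class HostManagerXssDemo {

    // Vulnerable pattern: the submitted parameter is concatenated straight
    // into the HTML sent back, so any markup in it becomes part of the page.
    static String renderVulnerable(String name, String aliases) {
        return "<tr><td>" + name + "</td><td>" + aliases + "</td></tr>";
    }

    // Hardened pattern: escape the characters that carry meaning in HTML
    // before echoing any request parameter.
    static String renderHardened(String name, String aliases) {
        return "<tr><td>" + escapeHtml(name) + "</td><td>"
             + escapeHtml(aliases) + "</td></tr>";
    }

    // Minimal HTML escaper (assumed helper). Escaping both quote characters
    // keeps the value safe inside attribute values as well as text nodes.
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Check a reviewer can apply to a rendered page: does the raw payload
    // survive verbatim? If so, the parameter is reflected unescaped.
    static boolean reflectsUnescaped(String html, String payload) {
        return html.contains(payload);
    }

    public static void main(String[] args) {
        // Constructed sample input: a crafted "aliases" value of the kind the
        // description says an attacker submits to the html/add action.
        String payload = "<script>alert(document.cookie)</script>";
        String name = "example.test"; // assumed host-name parameter value

        String vulnerable = renderVulnerable(name, payload);
        String hardened = renderHardened(name, payload);

        System.out.println("vulnerable: " + vulnerable);
        System.out.println("hardened:   " + hardened);
        System.out.println("vulnerable reflects payload: "
                + reflectsUnescaped(vulnerable, payload));
        System.out.println("hardened reflects payload:   "
                + reflectsUnescaped(hardened, payload));
    }
}
```

Compile with `javac HostManagerXssDemo.java` and run with `java HostManagerXssDemo`: the vulnerable rendering contains the raw script tag, the hardened one only entities. The same check works against a test deployment: submit a harmless marker such as `<b>x</b>` in the aliases field of the html/add action and inspect whether the response returns it verbatim (the affected ranges, 5.5.0 through 5.5.24 and 6.0.0 through 6.0.13) or as `&lt;b&gt;x&lt;/b&gt;`.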

Exploits (1)

exploitdb · working PoC · verified
by NTT OSS CENTER · html · remote · multiple
https://www.exploit-db.com/exploits/30495


Classification
Working PoC: 90%
Attack type: XSS
Complexity: trivial
Reliability: reliable
Target: Apache Tomcat 5.5.0 through 5.5.24 and 6.0.0 through 6.0.13
Auth required: yes (the Host Manager Servlet is only reachable by an authenticated user)
Prerequisites: access to the Host Manager Servlet; victim interaction to submit the form
Analyzed by devstral-2 on Feb 16, 2026

References (31)

http://osvdb.org/36417 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_osvdb)
http://secunia.com/advisories/27267 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://www.vupen.com/english/advisories/2007/3527 (Third Party Advisory; vdb-entry; x_refsource_vupen)
http://jvn.jp/jp/JVN%2359851336/index.html (Third Party Advisory; third-party-advisory; x_refsource_jvn)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36001 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_xf)
http://www.securityfocus.com/bid/25314 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
http://secunia.com/advisories/26465 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://www.securityfocus.com/archive/1/500412/100/0/threaded (Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq)
http://secunia.com/advisories/33668 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://www.securityfocus.com/archive/1/500396/100/0/threaded (Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq)
http://secunia.com/advisories/26898 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://securitytracker.com/id?1018558 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack)
http://securityreason.com/securityalert/3010 (Third Party Advisory; third-party-advisory; x_refsource_sreason)
http://www.vupen.com/english/advisories/2007/2880 (Third Party Advisory; vdb-entry; x_refsource_vupen)
http://secunia.com/advisories/28317 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://www.vupen.com/english/advisories/2009/0233 (Third Party Advisory; vdb-entry; x_refsource_vupen)
http://tomcat.apache.org/security-6.html (Patch; x_refsource_confirm)
http://www.redhat.com/support/errata/RHSA-2007-0871.html (Vendor Advisory; vendor-advisory; x_refsource_redhat)
http://www.vupen.com/english/advisories/2007/3386 (Third Party Advisory; vdb-entry; x_refsource_vupen)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10077 (Third Party Advisory, VDB Entry; vdb-entry; signature; x_refsource_oval)
http://www.securityfocus.com/archive/1/476448/100/0/threaded (Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq)
http://secunia.com/advisories/27037 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://secunia.com/advisories/27727 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://www.debian.org/security/2008/dsa-1447 (Third Party Advisory; vendor-advisory; x_refsource_debian)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241 (Vendor Advisory; vendor-advisory; x_refsource_mandriva)

Scores

EPSS score: 0.7378 (98.8th percentile)

Details

CWE: CWE-79 (Improper Neutralization of Input During Web Page Generation, "Cross-site Scripting")
Status: published
Products (39)
apache/tomcat 5.5.0
apache/tomcat 5.5.1
apache/tomcat 5.5.2
apache/tomcat 5.5.3
apache/tomcat 5.5.4
apache/tomcat 5.5.5
apache/tomcat 5.5.6
apache/tomcat 5.5.7
apache/tomcat 5.5.8
apache/tomcat 5.5.9
... and 29 more
Published: Aug 14, 2007
Tracked since: Feb 18, 2026