Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2007-3386
HistoryAug 14, 2007 - 10:17 p.m.

CVE-2007-3386

2007-08-1422:17:00
CWE-79
[email protected]
web.nvd.nist.gov
62
cve
2007
3386
cross-site scripting
xss
apache tomcat
security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.8%

JSON

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Affected configurations

NVD
Node
apachetomcatMatch5.5.0
OR
apachetomcatMatch5.5.1
OR
apachetomcatMatch5.5.2
OR
apachetomcatMatch5.5.3
OR
apachetomcatMatch5.5.4
OR
apachetomcatMatch5.5.5
OR
apachetomcatMatch5.5.6
OR
apachetomcatMatch5.5.7
OR
apachetomcatMatch5.5.8
OR
apachetomcatMatch5.5.9
OR
apachetomcatMatch5.5.10
OR
apachetomcatMatch5.5.11
OR
apachetomcatMatch5.5.12
OR
apachetomcatMatch5.5.13
OR
apachetomcatMatch5.5.14
OR
apachetomcatMatch5.5.15
OR
apachetomcatMatch5.5.16
OR
apachetomcatMatch5.5.17
OR
apachetomcatMatch5.5.18
OR
apachetomcatMatch5.5.19
OR
apachetomcatMatch5.5.20
OR
apachetomcatMatch5.5.21
OR
apachetomcatMatch5.5.22
OR
apachetomcatMatch5.5.23
OR
apachetomcatMatch5.5.24
OR
apachetomcatMatch6.0.0
OR
apachetomcatMatch6.0.1
OR
apachetomcatMatch6.0.2
OR
apachetomcatMatch6.0.3
OR
apachetomcatMatch6.0.4
OR
apachetomcatMatch6.0.5
OR
apachetomcatMatch6.0.6
OR
apachetomcatMatch6.0.7
OR
apachetomcatMatch6.0.8
OR
apachetomcatMatch6.0.9
OR
apachetomcatMatch6.0.10
OR
apachetomcatMatch6.0.11
OR
apachetomcatMatch6.0.12
OR
apachetomcatMatch6.0.13

References

Related

seebug 1
jvn 1
ubuntucve 1
cvelist 1
packetstorm 1
nvd 1
prion 1
veracode 1
securityvulns 3
nessus 14
centos 1
redhat 2
openvas 24
oraclelinux 1
tomcat 2
debian 1
osv 1
altlinux 1
fedora 5
seebug
seebug
Apache Tomcat Host Manager Servletθ·¨η«™θ„šζœ¬ζ‰§θ‘ŒζΌζ΄ž
2007-08-23 00:00:00
jvn
jvn
JVN#59851336 Apache Tomcat Host Manager cross-site scripting vulnerability
2007-08-15 00:00:00
ubuntucve
ubuntucve
CVE-2007-3386
2007-08-14 00:00:00
cvelist
cvelist
CVE-2007-3386
2007-08-14 22:00:00
packetstorm
packetstorm
CVE-2007-3386.txt
2007-08-14 00:00:00
nvd
nvd
CVE-2007-3386
2007-08-14 22:17:00
prion
prion
Cross site scripting
2007-08-14 22:17:00
veracode
veracode
Cross-Site Scripting (XSS)
2018-11-12 09:08:34
securityvulns
securityvulns
CVE-2007-3386: XSS in Host Manager
2007-08-14 00:00:00
Apache Tomcat multiple security vulnerabilities
2007-08-14 00:00:00
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
2009-01-28 00:00:00
nessus
nessus
RHEL 5 : tomcat (RHSA-2007:0871)
2007-09-26 00:00:00
Oracle Linux 5 : tomcat (ELSA-2007-0871)
2013-07-12 00:00:00
CentOS 5 : tomcat (CESA-2007:0871)
2010-01-06 00:00:00
centos
centos
tomcat5 security update
2007-09-28 08:11:50
redhat
redhat
(RHSA-2007:0871) Moderate: tomcat security update
2007-09-26 00:00:00
(RHSA-2007:0876) Moderate: tomcat security update
2007-10-11 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2007-0871)
2015-10-08 00:00:00
Debian Security Advisory DSA 1447-1 (tomcat5.5)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1447-1)
2008-01-17 00:00:00
oraclelinux
oraclelinux
Moderate: tomcat security update
2007-09-26 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.14
2007-08-13 00:00:00
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
2007-09-08 00:00:00
debian
debian
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
osv
osv
tomcat5.5 several vulnerabilities
2008-01-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
2007-11-17 05:34:43
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.8%

JSON
Related for CVE-2007-3386
seebug1jvn1ubuntucve1cvelist1packetstorm1nvd1prion1veracode1securityvulns3nessus14centos1redhat2openvas24oraclelinux1tomcat2debian1osv1altlinux1fedora5