Lucene search

GitHub Advisory DatabaseGHSA-36HP-4X3G-PHRG

HistoryMay 01, 2022 - 6:13 p.m.

Apache Tomcat's CookieExample Vulnerable to XSS

2022-05-0118:13:15

CWE-80

GitHub Advisory Database

github.com

apache tomcat

cookieexample

xss

vulnerability

remote attackers

web script

html

error messages

software

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.007

Percentile

80.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.

Affected configurations

Vulners

Node

org.apache.tomcat\Matchtomcat

References

tomcat.apache.org/security-3.html

github.com/advisories/GHSA-36hp-4x3g-phrg

nvd.nist.gov/vuln/detail/CVE-2007-3384

web.archive.org/web/20070824135030/securityreason.com/securityalert/2971

web.archive.org/web/20071117100258/securitytracker.com/alerts/2007/Aug/1018503.html

web.archive.org/web/20170323011513/www.securityfocus.com/bid/25174

web.archive.org/web/20201207035111/www.securityfocus.com/archive/1/475321/100/0/threaded

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.007

Percentile

80.5%

JSON

Related for GHSA-36HP-4X3G-PHRG