CVSS2: 3.5 Low
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score: 5.3 Medium (Confidence: High)
EPSS: 0.03 Low (Percentile: 90.9%)

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
jvn.jp/jp/JVN%2307100457/index.html
lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
support.apple.com/kb/HT2163
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
tomcat.apache.org/security-4.html
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
www.debian.org/security/2008/dsa-1468
www.mandriva.com/security/advisories?name=MDKSA-2007:241
www.redhat.com/support/errata/RHSA-2007-0569.html
www.redhat.com/support/errata/RHSA-2008-0261.html
exchange.xforce.ibmcloud.com/vulnerabilities/34868
github.com/advisories/GHSA-5c5p-jxvx-x7j2
github.com/apache/tomcat/commit/1bc3bcb2848f478fd6674487d6dad507fd5dd686
lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2007-2450
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287
web.archive.org/web/20071203205513/secunia.com/advisories/25678
web.archive.org/web/20080212014926/secunia.com/advisories/26076
web.archive.org/web/20080320042501/secunia.com/advisories/27727
web.archive.org/web/20080324012730/secunia.com/advisories/28549
web.archive.org/web/20080413164556/securitytracker.com/alerts/2007/Jun/1018245.html
web.archive.org/web/20080724125033/secunia.com/advisories/27037
web.archive.org/web/20080801204240/secunia.com/advisories/30899
web.archive.org/web/20080801210056/secunia.com/advisories/30802
web.archive.org/web/20090623202429/secunia.com/advisories/33668
web.archive.org/web/20120809122231/secunia.com/advisories/30908
web.archive.org/web/20200229180652/www.securityfocus.com/bid/24475
web.archive.org/web/20200517122628/www.securityfocus.com/archive/1/500396/100/0/threaded
web.archive.org/web/20200517153851/www.securityfocus.com/archive/1/500412/100/0/threaded
web.archive.org/web/20200809062244/www.securityfocus.com/archive/1/471357/100/0/threaded
web.archive.org/web/20201207215920/https://cxsecurity.com/issue/WLB-2007060074
www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html