Lucene search

K

Japan Vulnerability NotesJVN:16535199

HistoryJun 19, 2007 - 12:00 a.m.

JVN#16535199: Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability

2007-06-1900:00:00

Japan Vulnerability Notes

jvn.jp

34

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

EPSS

0.729

Percentile

98.1%

Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.
Apache Tomcat contains a cross-site scripting vulnerability. It occurs when the value of the Accept-Language header sent from a client is non-standard.
The developer has confirmed that this vulnerability occurs when an outdated version of Flash is used.

Impact

An arbitrary script may be executed on the user’s web browser.

Solution

Update the software
Apply the latest updates provided by the developer.

For more information, refer to the developer’s website.

Products Affected

Apache Tomcat 4.0.0 - 4.0.6
Apache Tomcat 4.1.0 - 4.1.34
Apache Tomcat 5.0.0 - 5.0.30
Apache Tomcat 5.5.0 - 5.5.20
Apache Tomcat 6.0.0 - 6.0.5

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

EPSS

0.729

Percentile

98.1%

Related for JVN:16535199

cve1 tomcat3 ubuntucve1 securityvulns3 veracode1 nessus16 cvelist1 osv1 nvd1 prion1 github1 openvas18 freebsd1 redhat8 centos1 oraclelinux1 fedora5 altlinux1 seebug1