Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2007-3383
HistoryJul 25, 2007 - 5:30 p.m.

CVE-2007-3383

2007-07-2517:30:00
[email protected]
web.nvd.nist.gov
6

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.222

Percentile

96.6%

JSON

Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.

Affected configurations

Nvd
Node
apachetomcatMatch4.0.0
OR
apachetomcatMatch4.0.1
OR
apachetomcatMatch4.0.2
OR
apachetomcatMatch4.0.3
OR
apachetomcatMatch4.0.4
OR
apachetomcatMatch4.0.5
OR
apachetomcatMatch4.0.6
OR
apachetomcatMatch4.1.0
OR
apachetomcatMatch4.1.1
OR
apachetomcatMatch4.1.2
OR
apachetomcatMatch4.1.3
OR
apachetomcatMatch4.1.10
OR
apachetomcatMatch4.1.15
OR
apachetomcatMatch4.1.24
OR
apachetomcatMatch4.1.28
OR
apachetomcatMatch4.1.31
OR
apachetomcatMatch4.1.36
VendorProductVersionCPE
apachetomcat4.0.0cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*
apachetomcat4.0.1cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*
apachetomcat4.0.2cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*
apachetomcat4.0.3cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*
apachetomcat4.0.4cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*
apachetomcat4.0.5cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*
apachetomcat4.0.6cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*
apachetomcat4.1.0cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*
apachetomcat4.1.1cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*
apachetomcat4.1.2cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*
Rows per page:
1-10 of 171

References

Related

cve 1
prion 1
cert 1
github 1
cvelist 1
ubuntucve 1
veracode 1
securityvulns 2
nessus 4
osv 1
tomcat 1
openvas 2
cve
cve
CVE-2007-3383
2007-07-25 17:30:00
prion
prion
Cross site scripting
2007-07-25 17:30:00
cert
cert
Apache Tomcat SendMailServlet example vulnerable to cross-site scripting via FROM field
2007-07-22 00:00:00
github
github
Apache Tomcat SendMailServlet XSS
2022-05-01 18:13:14
cvelist
cvelist
CVE-2007-3383
2007-07-25 17:00:00
ubuntucve
ubuntucve
CVE-2007-3383
2007-07-25 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2019-03-26 01:19:45
securityvulns
securityvulns
CVE-2007-3383: XSS in Tomcat send mail example
2007-07-23 00:00:00
Apache Tomcat crossite scripting
2007-09-04 00:00:00
nessus
nessus
Apache Tomcat SendMailServlet sendmail.jsp 'mailfrom' Parameter XSS
2007-09-06 00:00:00
Apache Tomcat 4.x < 4.1.37 Multiple Vulnerabilities
2010-06-16 00:00:00
Mac OS X 10.5.x < 10.5.4 Multiple Vulnerabilities
2008-07-01 00:00:00
osv
osv
Apache Tomcat SendMailServlet XSS
2022-05-01 18:13:14
tomcat
tomcat
Fixed in Apache Tomcat 4.1.37
2005-10-06 00:00:00
openvas
openvas
Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004
2010-05-12 00:00:00
Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004
2010-05-12 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.222

Percentile

96.6%

JSON
Related for NVD:CVE-2007-3383
cve1prion1cert1github1cvelist1ubuntucve1veracode1securityvulns2nessus4osv1tomcat1openvas2