github - ghsa-p57v-p3fx-qgwm

ghsa-p57v-p3fx-qgwm

Vulnerability from github

Published

2022-05-01 07:45

Modified

2024-02-12 16:37

Summary

Apache Tomcat XSS Vulnerability

Details

Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "last_affected": "5.0.30"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.5.17"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.5.0"
            },
            {
              "fixed": "5.5.18"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2006-7195"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79",
      "CWE-80"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-12T16:37:37Z",
    "nvd_published_at": "2007-05-10T00:19:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.",
  "id": "GHSA-p57v-p3fx-qgwm",
  "modified": "2024-02-12T16:37:37Z",
  "published": "2022-05-01T07:45:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7195"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2007:0326"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2007:0327"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2007:0328"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2007:0340"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2008:0261"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2008:0524"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2006-7195"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237081"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10514"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20080515114843/http://www.securityfocus.com/bid/28481"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20171015140308/http://www.securityfocus.com/archive/1/500396/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20171015140313/http://www.securityfocus.com/archive/1/500412/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20201021082255/http://www.securityfocus.com/archive/1/485938/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20230518052431/http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0327.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Apache Tomcat XSS Vulnerability"
}

cve-2006-7195

Vulnerability from cvelistv5

Published

2007-05-09 22:00

Modified

2024-08-07 20:57

Severity

Summary

References

URL	Tags
http://lists.vmware.com/pipermail/security-announce/2008/000003.html	mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/28481	vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2008/0065	vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/500412/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/33668	third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/485938/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/500396/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2007/1729	vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/0233	vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/28365	third-party-advisory, x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm	x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2007-0327.html	vendor-advisory, x_refsource_REDHAT
http://tomcat.apache.org/security-5.html	x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10514	vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2008-0261.html	vendor-advisory, x_refsource_REDHAT
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx	x_refsource_CONFIRM
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540	x_refsource_CONFIRM

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website