jvndb-2007-000598
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Apache Tomcat Host Manager cross-site scripting vulnerability
Details
Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. The Host Manager Servlet does not properly filter user supplied data. This enables an cross-site scripting attack.
References
JVN http://jvn.jp/en/jp/JVN59851336/index.html
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386
NVD http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3386
SECUNIA http://secunia.com/advisories/26465/
BID http://www.securityfocus.com/bid/25314
FRSIRT http://www.frsirt.com/english/advisories/2007/2880
Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
Apache Software FoundationApache Tomcat
Hewlett-Packard Development Company,L.PHP-UX
Cybertrust Japan Co., Ltd.Asianux Server
Red Hat, Inc.Red Hat Enterprise Linux
Red Hat, Inc.Red Hat Enterprise Linux Desktop
Red Hat, Inc.RHEL Desktop Workstation
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000598.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\n\r\nThe Host Manager Servlet does not properly filter user supplied data. This enables an cross-site scripting attack.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000598.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:tomcat",
      "@product": "Apache Tomcat",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:hp:hp-ux",
      "@product": "HP-UX",
      "@vendor": "Hewlett-Packard Development Company,L.P",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:rhel_desktop_workstation",
      "@product": "RHEL Desktop Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000598",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN59851336/index.html",
      "@id": "JVN#59851336",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386",
      "@id": "CVE-2007-3386",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3386",
      "@id": "CVE-2007-3386",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/26465/",
      "@id": "SA26465",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/25314",
      "@id": "25314",
      "@source": "BID"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/2880",
      "@id": "FrSIRT/ADV-2007-2880",
      "@source": "FRSIRT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Apache Tomcat Host Manager cross-site scripting vulnerability"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.