rhsa-2008_0261
Vulnerability from csaf_redhat
Published: 2008-05-20 14:12
Modified: 2024-12-08 10:33
Summary
Red Hat Security Advisory: Red Hat Network Satellite Server security update
Notes
Topic
Red Hat Network Satellite Server version 5.0.2 is now available. This
update includes fixes for a number of security issues in Red Hat Network
Satellite Server components.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
During an internal security review, a cross-site scripting flaw was found
that affected the Red Hat Network channel search feature. (CVE-2007-5961)

This release also corrects several security vulnerabilities in various
components shipped as part of the Red Hat Network Satellite Server. In a
typical operating environment, these components are not exposed to users of
Satellite Server in a vulnerable manner. These security updates will reduce
risk in unique Satellite Server environments.

Multiple flaws were fixed in the Apache HTTPD server. These flaws could
result in cross-site scripting, denial-of-service, or information
disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197,
CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)

A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)

A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329)

Multiple cross-site scripting flaws were fixed in the image map feature in
the JFreeChart package. (CVE-2007-6306)

Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243,
CVE-2007-2435, CVE-2007-2788, CVE-2007-2789)

Two arbitrary code execution flaws were fixed in the OpenMotif package.
(CVE-2005-3964, CVE-2005-0605)

A flaw which could result in weak encryption was fixed in the
perl-Crypt-CBC package. (CVE-2006-0898)

Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128,
CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355,
CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195,
CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)

Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to
5.0.2, which resolves these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat Network Satellite Server version 5.0.2 is now available. This\nupdate includes fixes for a number of security issues in Red Hat Network\nSatellite Server components.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "During an internal security review, a cross-site scripting flaw was found\nthat affected the Red Hat Network channel search feature. (CVE-2007-5961)\n\nThis release also corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server. In a\ntypical operating environment, these components are not exposed to users of\nSatellite Server in a vulnerable manner. These security updates will reduce\nrisk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws could\nresult in a cross-site scripting, denial-of-service, or information\ndisclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197,\nCVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nA denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in\nthe JFreeChart package. (CVE-2007-6306)\n\nMultiple flaws were fixed in the IBM Java 1.4.2 Runtime. 
(CVE-2007-0243,\nCVE-2007-2435, CVE-2007-2788, CVE-2007-2789)\n\nTwo arbitrary code execution flaws were fixed in the OpenMotif package.\n(CVE-2005-3964, CVE-2005-0605)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Tomcat package. (CVE-2008-0128,\nCVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355,\nCVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195,\nCVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)\n\nUsers of Red Hat Network Satellite Server 5.0 are advised to upgrade to\n5.0.2, which resolves these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0261", "url": "https://access.redhat.com/errata/RHSA-2008:0261" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "396641", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=396641" }, { "category": "external", "summary": "444136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=444136" }, { "category": "self", "summary": "Canonical URL", 
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0261.json" } ], "title": "Red Hat Security Advisory: Red Hat Network Satellite Server security update", "tracking": { "current_release_date": "2024-12-08T10:33:34+00:00", "generator": { "date": "2024-12-08T10:33:34+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2008:0261", "initial_release_date": "2008-05-20T14:12:00+00:00", "revision_history": [ { "date": "2008-05-20T14:12:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-05-20T10:12:30+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T10:33:34+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Satellite 5.0 (RHEL v.4 AS)", "product": { "name": "Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.0:el4" } } } ], "category": "product_family", "name": "Red Hat Satellite" }, { "branches": [ { "category": "product_version", "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "product": { "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "product_id": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-modssl@2.8.12-8.rhn.10.rhel4?arch=i386" } } }, { "category": "product_version", "name": "jabberd-0:2.0s10-3.38.rhn.i386", "product": { "name": "jabberd-0:2.0s10-3.38.rhn.i386", "product_id": "jabberd-0:2.0s10-3.38.rhn.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/jabberd@2.0s10-3.38.rhn?arch=i386" } } }, { "category": "product_version", "name": "openmotif21-0:2.1.30-11.RHEL4.6.i386", "product": { "name": "openmotif21-0:2.1.30-11.RHEL4.6.i386", "product_id": "openmotif21-0:2.1.30-11.RHEL4.6.i386", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/openmotif21@2.1.30-11.RHEL4.6?arch=i386" } } }, { "category": "product_version", "name": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "product": { "name": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "product_id": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openmotif21-debuginfo@2.1.30-11.RHEL4.6?arch=i386" } } }, { "category": "product_version", "name": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "product": { "name": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "product_id": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-apache@1.3.27-36.rhn.rhel4?arch=i386" } } }, { "category": "product_version", "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "product": { "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "product_id": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.4.2-ibm@1.4.2.10-1jpp.2.el4?arch=i386" } } }, { "category": "product_version", "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "product": { "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "product_id": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.4.2-ibm-devel@1.4.2.10-1jpp.2.el4?arch=i386" } } }, { "category": "product_version", "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "product": { "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "product_id": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-modjk-ap13@1.2.23-2rhn.rhel4?arch=i386" } } }, { "category": "product_version", "name": "rhn-modperl-0:1.29-16.rhel4.i386", "product": { "name": "rhn-modperl-0:1.29-16.rhel4.i386", "product_id": "rhn-modperl-0:1.29-16.rhel4.i386", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/rhn-modperl@1.29-16.rhel4?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "jfreechart-0:0.9.20-3.rhn.noarch", "product": { "name": "jfreechart-0:0.9.20-3.rhn.noarch", "product_id": "jfreechart-0:0.9.20-3.rhn.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jfreechart@0.9.20-3.rhn?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch", "product": { "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch", "product_id": "tomcat5-0:5.0.30-0jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch", "product": { "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch", "product_id": "perl-Crypt-CBC-0:2.24-1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/perl-Crypt-CBC@2.24-1.el4?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jabberd-0:2.0s10-3.38.rhn.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386" }, "product_reference": "jabberd-0:2.0s10-3.38.rhn.i386", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386" }, "product_reference": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": 
"4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386" }, "product_reference": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "jfreechart-0:0.9.20-3.rhn.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch" }, "product_reference": "jfreechart-0:0.9.20-3.rhn.noarch", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "openmotif21-0:2.1.30-11.RHEL4.6.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386" }, "product_reference": "openmotif21-0:2.1.30-11.RHEL4.6.i386", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386" }, "product_reference": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch" }, "product_reference": "perl-Crypt-CBC-0:2.24-1.el4.noarch", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386" }, "product_reference": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": 
"rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386" }, "product_reference": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-modperl-0:1.29-16.rhel4.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386" }, "product_reference": "rhn-modperl-0:1.29-16.rhel4.i386", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386" }, "product_reference": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" }, "product_reference": "tomcat5-0:5.0.30-0jpp_10rh.noarch", "relates_to_product_reference": "4AS-RHNSAT5" } ] }, "vulnerabilities": [ { "cve": "CVE-2004-0885", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430637" } ], "notes": [ { "category": "description", "text": "The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the \"SSLCipherSuite\" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_ssl SSLCipherSuite bypass", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", 
"4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0885" }, { "category": "external", "summary": "RHBZ#430637", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430637" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0885", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0885" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0885", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0885" } ], "release_date": "2004-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mod_ssl SSLCipherSuite bypass" }, { "cve": "CVE-2005-0605", "discovery_date": "2005-02-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430520" } ], "notes": [ { "category": "description", "text": "scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxpm buffer overflow", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", 
"4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-0605" }, { "category": "external", "summary": "RHBZ#430520", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430520" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-0605", "url": "https://www.cve.org/CVERecord?id=CVE-2005-0605" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-0605", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0605" } ], "release_date": "2005-03-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxpm buffer overflow" }, { "cve": "CVE-2005-2090", "discovery_date": "2005-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237079" } ], "notes": [ { "category": "description", "text": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat multiple content-length header poisioning", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", 
"4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-2090" }, { "category": "external", "summary": "RHBZ#237079", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-2090", "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090" } ], "release_date": "2005-06-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat multiple content-length header poisioning" }, { "cve": "CVE-2005-3510", "discovery_date": "2005-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237085" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat DoS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", 
"4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-3510" }, { "category": "external", "summary": "RHBZ#237085", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-3510", "url": "https://www.cve.org/CVERecord?id=CVE-2005-3510" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510" } ], "release_date": "2005-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat DoS" }, { "cve": "CVE-2005-3964", "discovery_date": "2005-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430519" } ], "notes": [ { "category": "description", "text": "Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c.", "title": "Vulnerability description" }, { "category": "summary", "text": "openmotif libUil buffer overflows", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", 
"4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-3964" }, { "category": "external", "summary": "RHBZ#430519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430519" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-3964", "url": "https://www.cve.org/CVERecord?id=CVE-2005-3964" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3964", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3964" } ], "release_date": "2005-12-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openmotif libUil buffer overflows" }, { "cve": "CVE-2005-4838", "discovery_date": "2005-01-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "238401" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. 
NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat manager example DoS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-4838" }, { "category": "external", "summary": "RHBZ#238401", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238401" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-4838", "url": "https://www.cve.org/CVERecord?id=CVE-2005-4838" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-4838", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4838" } ], "release_date": "2005-01-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat manager example DoS" }, { "cve": "CVE-2006-0254", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2006-01-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430646" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat examples XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", 
"4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-0254" }, { "category": "external", "summary": "RHBZ#430646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430646" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0254", "url": "https://www.cve.org/CVERecord?id=CVE-2006-0254" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0254", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0254" } ], "release_date": "2006-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat examples XSS" }, { "cve": "CVE-2006-0898", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430522" } ], "notes": [ { "category": "description", "text": "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.", "title": "Vulnerability description" }, { "category": "summary", "text": "perl-Crypt-CBC weaker encryption with some ciphers", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", 
"4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-0898" }, { "category": "external", "summary": "RHBZ#430522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430522" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0898", "url": "https://www.cve.org/CVERecord?id=CVE-2006-0898" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0898", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0898" } ], "release_date": "2006-02-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "perl-Crypt-CBC weaker encryption with some ciphers" }, { "cve": "CVE-2006-1329", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "429254" } ], "notes": [ { "category": "description", "text": "The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service (\"c2s segfault\") by sending a \"response stanza before an auth stanza\".", "title": "Vulnerability description" }, { "category": "summary", "text": "jabberd SASL DoS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", 
"4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-1329" }, { "category": "external", "summary": "RHBZ#429254", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429254" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-1329", "url": "https://www.cve.org/CVERecord?id=CVE-2006-1329" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-1329", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1329" } ], "release_date": "2006-03-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": 
"impact", "details": "Moderate" } ], "title": "jabberd SASL DoS" }, { "cve": "CVE-2006-3835", "discovery_date": "2006-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237084" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat directory listing issue", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-3835" }, { "category": "external", "summary": "RHBZ#237084", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3835", "url": "https://www.cve.org/CVERecord?id=CVE-2006-3835" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2006-3835", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835" } ], "release_date": "2006-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat directory listing issue" }, { "cve": "CVE-2006-5752", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "245112" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with 
browsers that perform \"charset detection\" when the content-type is not specified.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd mod_status XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-5752" }, { "category": "external", "summary": "RHBZ#245112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752", "url": "https://www.cve.org/CVERecord?id=CVE-2006-5752" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752" } ], "release_date": "2007-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd mod_status XSS" }, { "cve": "CVE-2006-7195", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-04-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237081" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XSS in example webapps", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", 
"4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-7195" }, { "category": "external", "summary": "RHBZ#237081", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237081" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-7195", "url": "https://www.cve.org/CVERecord?id=CVE-2006-7195" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-7195", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7195" } ], "release_date": "2007-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat XSS in example webapps" }, { "cve": "CVE-2006-7196", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-04-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "238131" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. 
NOTE: this may be related to CVE-2006-0254.1.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XSS in example webapps", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-7196" }, { "category": "external", "summary": "RHBZ#238131", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238131" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-7196", "url": "https://www.cve.org/CVERecord?id=CVE-2006-7196" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-7196", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7196" } ], "release_date": "2007-04-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat XSS in example webapps" }, { "cve": "CVE-2006-7197", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430642" } ], "notes": [ { "category": "description", "text": "The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_jk chunk too long", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", 
"4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-7197" }, { "category": "external", "summary": "RHBZ#430642", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430642" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-7197", "url": "https://www.cve.org/CVERecord?id=CVE-2006-7197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-7197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7197" } ], "release_date": "2006-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "mod_jk chunk too long" }, { "cve": "CVE-2007-0243", "discovery_date": "2007-04-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "325941" } ], "notes": [ { "category": "description", "text": "Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.", "title": "Vulnerability description" }, { "category": "summary", "text": "java-jre: GIF buffer overflow", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-0243" }, { "category": "external", "summary": "RHBZ#325941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=325941" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0243", "url": "https://www.cve.org/CVERecord?id=CVE-2007-0243" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0243", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0243" } ], "release_date": "2007-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", 
"date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "java-jre: GIF buffer overflow" }, { "cve": "CVE-2007-0450", "discovery_date": "2007-03-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237080" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. 
(dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat directory traversal", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-0450" }, { "category": "external", "summary": "RHBZ#237080", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0450", "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450" } ], "release_date": "2007-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat directory traversal" }, { "cve": "CVE-2007-1349", "discovery_date": "2007-05-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "240423" } ], "notes": [ { "category": "description", "text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_perl PerlRun denial of service", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", 
"4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1349" }, { "category": "external", "summary": "RHBZ#240423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1349" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349" } ], "release_date": "2007-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mod_perl PerlRun denial of service" }, { "cve": "CVE-2007-1355", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-05-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "253166" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XSS in samples", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", 
"4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1355" }, { "category": "external", "summary": "RHBZ#253166", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=253166" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1355", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1355" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1355", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1355" } ], "release_date": "2007-05-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat XSS in samples" }, { "cve": "CVE-2007-1358", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "244803" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat accept-language xss flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", 
"4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1358" }, { "category": "external", "summary": "RHBZ#244803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1358", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358" } ], "release_date": "2007-06-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat accept-language xss flaw" }, { "cve": "CVE-2007-1860", "discovery_date": "2007-04-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237656" } ], "notes": [ { "category": "description", "text": "mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. 
(dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_jk sends decoded URL to tomcat", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1860" }, { "category": "external", "summary": "RHBZ#237656", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237656" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1860", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1860" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1860", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1860" } ], "release_date": "2007-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mod_jk sends decoded URL to tomcat" }, { "cve": "CVE-2007-2435", "discovery_date": "2007-05-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "239660" } ], "notes": [ { "category": "description", "text": "Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to \"Incorrect Use of System Classes\" and probably related to support for JNLP files.", "title": "Vulnerability description" }, { "category": "summary", "text": "javaws vulnerabilities", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", 
"4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-2435" }, { "category": "external", "summary": "RHBZ#239660", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=239660" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2435", "url": "https://www.cve.org/CVERecord?id=CVE-2007-2435" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2435", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2435" } ], "release_date": "2007-04-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "javaws vulnerabilities" }, { "cve": "CVE-2007-2449", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-05-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "244804" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the \u0027;\u0027 character, as demonstrated by a URI containing a \"snp/snoop.jsp;\" sequence.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat examples jsp XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ 
"4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-2449" }, { "category": "external", "summary": "RHBZ#244804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244804" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2449", "url": "https://www.cve.org/CVERecord?id=CVE-2007-2449" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2449", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2449" } ], "release_date": "2007-06-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat examples jsp XSS" }, { "cve": "CVE-2007-2450", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-05-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "244808" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat host manager XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ 
"4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-2450" }, { "category": "external", "summary": "RHBZ#244808", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244808" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2450", "url": "https://www.cve.org/CVERecord?id=CVE-2007-2450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2450" } ], "release_date": "2007-06-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat host manager XSS" }, { "cve": "CVE-2007-2788", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2007-05-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "250725" } ], "notes": [ { "category": "description", "text": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit", "title": "Vulnerability summary" } ], 
"product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-2788" }, { "category": "external", "summary": "RHBZ#250725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2788", "url": "https://www.cve.org/CVERecord?id=CVE-2007-2788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2788" } ], "release_date": "2007-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit" }, { "cve": "CVE-2007-2789", "discovery_date": "2007-05-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "250729" } ], "notes": [ { "category": "description", "text": "The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.", "title": "Vulnerability description" }, { "category": "summary", "text": "BMP image parser vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ 
"4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-2789" }, { "category": "external", "summary": "RHBZ#250729", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250729" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2789", "url": "https://www.cve.org/CVERecord?id=CVE-2007-2789" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2789", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2789" } ], "release_date": "2007-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "BMP image parser vulnerability" }, { "cve": "CVE-2007-3304", "discovery_date": "2007-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "245111" } ], "notes": [ { "category": "description", "text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd scoreboard lack of PID protection", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", 
"4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3304" }, { "category": "external", "summary": "RHBZ#245111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304" } ], "release_date": "2007-06-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd scoreboard lack of PID protection" }, { "cve": "CVE-2007-3382", "discovery_date": "2007-07-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "247972" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat handling of cookies", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", 
"4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3382" }, { "category": "external", "summary": "RHBZ#247972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3382", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3382" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382" } ], "release_date": "2007-08-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat handling of cookies" }, { "cve": "CVE-2007-3385", "discovery_date": "2007-07-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "247976" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat handling of cookie values", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", 
"4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3385" }, { "category": "external", "summary": "RHBZ#247976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3385", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3385" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385" } ], "release_date": "2007-08-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat handling of cookie values" }, { "cve": "CVE-2007-4465", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "289511" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. 
NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_autoindex XSS", "title": "Vulnerability summary" }, { "category": "other", "text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-4465" }, { "category": "external", "summary": "RHBZ#289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465", "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465" } ], "release_date": 
"2007-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mod_autoindex XSS" }, { "cve": "CVE-2007-5000", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "419931" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_imagemap XSS", "title": "Vulnerability 
summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5000" }, { "category": "external", "summary": "RHBZ#419931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000" } ], "release_date": "2007-12-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_imagemap XSS" }, { "cve": "CVE-2007-5461", "discovery_date": "2007-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "333791" } ], "notes": [ { "category": "description", "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", "title": "Vulnerability description" }, { "category": "summary", "text": "Absolute path traversal Apache Tomcat WEBDAV", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", 
"4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5461" }, { "category": "external", "summary": "RHBZ#333791", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461" } ], "release_date": "2007-10-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Absolute path traversal Apache Tomcat WEBDAV" }, { "cve": "CVE-2007-5961", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "396641" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "RHN XSS flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", 
"4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5961" }, { "category": "external", "summary": "RHBZ#396641", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=396641" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5961", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5961" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5961", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5961" } ], "release_date": "2008-05-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "RHN XSS flaw" }, { "cve": "CVE-2007-6306", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "421081" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.", "title": "Vulnerability description" }, { "category": "summary", "text": "JFreeChart: XSS vulnerabilities in the image map feature", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", 
"4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-6306" }, { "category": "external", "summary": "RHBZ#421081", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=421081" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6306", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6306" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306" } ], "release_date": "2007-12-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JFreeChart: XSS vulnerabilities in the image map feature" }, { "cve": "CVE-2007-6388", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427228" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache mod_status cross-site scripting", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", 
"4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-6388" }, { "category": "external", "summary": "RHBZ#427228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388" } ], "release_date": "2007-12-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache mod_status cross-site scripting" }, { "cve": "CVE-2008-0128", "discovery_date": "2008-01-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "429821" } ], "notes": [ { "category": "description", "text": "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat5 SSO cookie login information disclosure", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", 
"4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0128" }, { "category": "external", "summary": "RHBZ#429821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0128", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0128" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128" } ], "release_date": "2006-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat5 SSO cookie login information disclosure" } ] }
cve-2007-2449
Vulnerability from cvelistv5
Published
2007-06-14 23:00
Modified
2024-08-07 13:42
Summary
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
References
cve-2007-1349
Vulnerability from cvelistv5
Published
2007-03-30 00:00
Modified
2024-08-07 12:50
Summary
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
References
cve-2007-1355
Vulnerability from cvelistv5
Published
2007-05-21 20:00
Modified
2024-08-07 12:50
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
cve-2008-0128
Vulnerability from cvelistv5
Published
2008-01-23 01:00
Modified
2024-08-07 07:32
Summary
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
cve-2007-5000
Vulnerability from cvelistv5
Published
2007-12-13 18:00
Modified
2024-08-07 15:17
Summary
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1" }, { "name": "RHSA-2008:0007", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://httpd.apache.org/security/vulnerabilities_20.html" }, { "name": "TA08-150A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "RHSA-2008:0008", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html" }, { "name": "FEDORA-2008-1711", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html" }, { "name": "ADV-2008-0084", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0084" }, { "name": "ADV-2007-4301", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/4301" }, { "name": "ADV-2008-0398", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0398" }, { "name": "RHSA-2008:0009", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0009.html" }, { "name": "MDVSA-2008:014", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014" }, { "name": "26838", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26838" }, { "name": "29420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/29420" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "name": "APPLE-SA-2008-03-18", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name": "30430", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30430" }, { "name": "oval:org.mitre.oval:def:9539", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9539" }, { "name": "APPLE-SA-2008-05-28", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "name": "28525", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28525" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm" }, { "name": "ADV-2008-0809", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0809/references" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" }, { "name": "28081", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28081" }, { "name": "28467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/28467" }, { "name": "SSRT080059", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded" }, { "name": "PK65782", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245" }, { "name": "28196", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28196" }, { "name": "RHSA-2008:0004", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html" }, { "name": "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" }, { "name": "28607", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28607" }, { "name": "SUSE-SA:2008:021", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html" }, { "name": "30356", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30356" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://httpd.apache.org/security/vulnerabilities_13.html" }, { "name": "PK63273", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273" }, { "name": "MDVSA-2008:015", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:015" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "name": 
"28073", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28073" }, { "name": "28471", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28471" }, { "name": "ADV-2007-4202", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/4202" }, { "name": "SSRT080010", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501" }, { "name": "HPSBMA02388", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded" }, { "name": "ADV-2008-1697", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "USN-575-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-575-1" }, { "name": "PK58074", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK58074" }, { "name": "29640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29640" }, { "name": "HPSBUX02308", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501" }, { "name": "32800", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32800" }, { "name": "28977", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/28977" }, { "name": "ADV-2007-4201", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/4201" }, { "name": "ADV-2008-1875", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1875/references" }, { "name": "30732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30732" }, { "name": "ADV-2008-1224", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1224/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200801e.html" }, { "name": "MDVSA-2008:016", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:016" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 
[3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml 
security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in 
/websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py 
security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-12-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-06T10:09:59", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2008:0005", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html" }, { "name": "ADV-2008-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0178" }, { "name": "1019093", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1019093" }, { "name": "28922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28922" }, { "name": "39134", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/39134" }, { "name": "28749", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28749" }, { "name": "SSA:2008-045-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.595748" }, { "name": "29988", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29988" }, { "name": "apache-modimap-xss(39001)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39001" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "28375", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28375" }, { "name": "28750", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28750" }, { "name": "ADV-2008-1623", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": 
"http://www.vupen.com/english/advisories/2008/1623/references" }, { "name": "29806", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29806" }, { "name": "apache-modimagemap-xss(39002)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39002" }, { "name": "20080716 rPSA-2008-0035-1 httpd mod_ssl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/494428/100/0/threaded" }, { "name": "FEDORA-2008-1695", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html" }, { "name": "PK58024", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK58024" }, { "name": "28046", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28046" }, { "name": "28526", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28526" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "name": "RHSA-2008:0006", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html" }, { "name": "31142", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31142" }, { "name": "ADV-2008-0924", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "name": "233623", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1" }, { "name": "RHSA-2008:0007", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://httpd.apache.org/security/vulnerabilities_20.html" }, { "name": "TA08-150A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "RHSA-2008:0008", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html" }, { "name": "FEDORA-2008-1711", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html" }, { "name": "ADV-2008-0084", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0084" }, { "name": "ADV-2007-4301", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/4301" }, { "name": "ADV-2008-0398", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0398" }, { "name": "RHSA-2008:0009", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0009.html" }, { "name": "MDVSA-2008:014", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014" }, { "name": "26838", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/26838" }, { "name": "29420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29420" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "name": "APPLE-SA-2008-03-18", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name": "30430", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30430" }, { "name": "oval:org.mitre.oval:def:9539", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9539" }, { "name": "APPLE-SA-2008-05-28", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "name": "28525", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28525" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm" }, { "name": "ADV-2008-0809", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0809/references" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" }, { "name": "28081", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28081" }, { "name": "28467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28467" }, { "name": "SSRT080059", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded" }, { "name": "PK65782", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245" }, { "name": "28196", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28196" }, { "name": "RHSA-2008:0004", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html" }, { "name": "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "tags": [ "mailing-list", "x_refsource_MLIST" 
], "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" }, { "name": "28607", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28607" }, { "name": "SUSE-SA:2008:021", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html" }, { "name": "30356", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30356" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://httpd.apache.org/security/vulnerabilities_13.html" }, { "name": "PK63273", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273" }, { "name": "MDVSA-2008:015", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:015" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "name": "28073", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28073" }, { "name": "28471", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28471" }, { "name": "ADV-2007-4202", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/4202" }, { "name": "SSRT080010", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501" }, { "name": "HPSBMA02388", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded" }, { "name": "ADV-2008-1697", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" 
}, { "name": "USN-575-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-575-1" }, { "name": "PK58074", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK58074" }, { "name": "29640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29640" }, { "name": "HPSBUX02308", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501" }, { "name": "32800", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32800" }, { "name": "28977", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28977" }, { "name": "ADV-2007-4201", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/4201" }, { "name": "ADV-2008-1875", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1875/references" }, { "name": "30732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30732" }, { "name": "ADV-2008-1224", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1224/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200801e.html" }, { "name": "MDVSA-2008:016", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:016" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 
svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 
[1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in 
/websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2007-5000", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 
1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2008:0005", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html" }, { "name": "ADV-2008-0178", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0178" }, { "name": "1019093", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019093" }, { "name": "28922", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28922" }, { "name": "39134", "refsource": "OSVDB", "url": "http://www.osvdb.org/39134" }, { "name": "28749", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28749" }, { "name": "SSA:2008-045-02", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.595748" }, { "name": "29988", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29988" }, { "name": "apache-modimap-xss(39001)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39001" }, { "name": "SSRT090208", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "28375", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28375" }, { "name": "28750", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28750" }, { "name": "ADV-2008-1623", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1623/references" }, { "name": "29806", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29806" }, { "name": "apache-modimagemap-xss(39002)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39002" }, { "name": 
"20080716 rPSA-2008-0035-1 httpd mod_ssl", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/494428/100/0/threaded" }, { "name": "FEDORA-2008-1695", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html" }, { "name": "PK58024", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK58024" }, { "name": "28046", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28046" }, { "name": "28526", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28526" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "name": "RHSA-2008:0006", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html" }, { "name": "31142", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31142" }, { "name": "ADV-2008-0924", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "name": "233623", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1" }, { "name": "RHSA-2008:0007", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0007.html" }, { "name": "http://httpd.apache.org/security/vulnerabilities_20.html", "refsource": "CONFIRM", "url": "http://httpd.apache.org/security/vulnerabilities_20.html" }, { "name": "TA08-150A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "RHSA-2008:0008", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html" }, { "name": "FEDORA-2008-1711", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html" }, { "name": "ADV-2008-0084", "refsource": "VUPEN", "url": 
"http://www.vupen.com/english/advisories/2008/0084" }, { "name": "ADV-2007-4301", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4301" }, { "name": "ADV-2008-0398", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0398" }, { "name": "RHSA-2008:0009", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0009.html" }, { "name": "MDVSA-2008:014", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014" }, { "name": "26838", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26838" }, { "name": "29420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29420" }, { "name": "http://httpd.apache.org/security/vulnerabilities_22.html", "refsource": "CONFIRM", "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "name": "APPLE-SA-2008-03-18", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name": "30430", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30430" }, { "name": "oval:org.mitre.oval:def:9539", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9539" }, { "name": "APPLE-SA-2008-05-28", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "name": "28525", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28525" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm" }, { "name": "ADV-2008-0809", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0809/references" }, { "name": "HPSBOV02683", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP 
Server", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" }, { "name": "28081", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28081" }, { "name": "28467", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28467" }, { "name": "SSRT080059", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded" }, { "name": "PK65782", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245" }, { "name": "28196", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28196" }, { "name": "RHSA-2008:0004", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html" }, { "name": "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" }, { "name": "28607", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28607" }, { "name": "SUSE-SA:2008:021", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html" }, { "name": "30356", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30356" }, { "name": "http://httpd.apache.org/security/vulnerabilities_13.html", "refsource": "CONFIRM", "url": "http://httpd.apache.org/security/vulnerabilities_13.html" }, { "name": "PK63273", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273" }, { "name": "MDVSA-2008:015", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:015" }, { "name": "http://docs.info.apple.com/article.html?artnum=307562", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "name": "28073", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28073" }, { "name": "28471", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/28471" }, { "name": "ADV-2007-4202", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4202" }, { "name": "SSRT080010", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501" }, { "name": "HPSBMA02388", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded" }, { "name": "ADV-2008-1697", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "RHSA-2008:0261", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "USN-575-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-575-1" }, { "name": "PK58074", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK58074" }, { "name": "29640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29640" }, { "name": "HPSBUX02308", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501" }, { "name": "32800", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32800" }, { "name": "28977", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28977" }, { "name": "ADV-2007-4201", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4201" }, { "name": "ADV-2008-1875", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1875/references" }, { "name": "30732", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30732" }, { "name": "ADV-2008-1224", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1224/references" }, { "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200801e.html", "refsource": "CONFIRM", "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200801e.html" }, { "name": "MDVSA-2008:016", "refsource": "MANDRIVA", "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2008:016" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html 
security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": 
"https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 
[5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-5000", "datePublished": "2007-12-13T18:00:00", "dateReserved": "2007-09-20T00:00:00", "dateUpdated": "2024-08-07T15:17:28.332Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-1860
Vulnerability from cvelistv5
Published
2007-05-25 18:00
Modified
2024-08-07 13:13
Summary
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:13:41.369Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-1312", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1312" }, { "name": "ADV-2007-2732", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "name": "oval:org.mitre.oval:def:6002", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6002" }, { "name": "25701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25701" }, { "name": "29242", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29242" }, { "name": "24147", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24147" }, { "name": "25383", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25383" }, { "name": "APPLE-SA-2007-07-31", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "name": "SUSE-SR:2008:005", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" }, { "name": "34877", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/34877" }, { "name": "ADV-2007-1941", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1941" }, { "name": "GLSA-200708-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", 
"x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200708-15.xml" }, { "name": "RHSA-2007:0379", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0379.html" }, { "name": "ADV-2007-3386", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "name": "1018138", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018138" }, { "name": "27037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27037" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "name": "26512", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26512" }, { "name": "SSRT071447", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1" }, { "name": "HPSBUX02262", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-jk.html" }, { "name": "25159", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25159" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "tomcat-jkconnector-security-bypass(34496)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/34496" }, { "name": "26235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26235" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-13T16:10:20", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-1312", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1312" }, { "name": "ADV-2007-2732", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "name": "oval:org.mitre.oval:def:6002", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6002" }, { "name": "25701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25701" }, { "name": "29242", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29242" }, { "name": "24147", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24147" }, { "name": "25383", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25383" }, { "name": "APPLE-SA-2007-07-31", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "name": "SUSE-SR:2008:005", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" }, { "name": "34877", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/34877" }, { "name": "ADV-2007-1941", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1941" }, { "name": "GLSA-200708-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200708-15.xml" }, { "name": "RHSA-2007:0379", "tags": [ "vendor-advisory", 
"x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0379.html" }, { "name": "ADV-2007-3386", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "name": "1018138", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018138" }, { "name": "27037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27037" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "name": "26512", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26512" }, { "name": "SSRT071447", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "tags": [ "x_refsource_MISC" ], "url": "http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1" }, { "name": "HPSBUX02262", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-jk.html" }, { "name": "25159", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25159" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "tomcat-jkconnector-security-bypass(34496)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34496" }, { "name": "26235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26235" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "tags": [ 
"mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-1860", "datePublished": "2007-05-25T18:00:00", "dateReserved": "2007-04-04T00:00:00", "dateUpdated": "2024-08-07T13:13:41.369Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-6306
Vulnerability from cvelistv5
Published
2007-12-11 21:00
Modified
2024-08-07 16:02
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.
References
cve-2005-4838
Vulnerability from cvelistv5
Published
2007-04-25 21:00
Modified
2024-08-08 00:01
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
References
cve-2004-0885
Vulnerability from cvelistv5
Published
2004-10-16 04:00
Modified
2024-08-08 00:31
Summary
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:47.797Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "11360", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11360" }, { "name": "RHSA-2004:562", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-562.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" }, { "name": "USN-177-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-177-1" }, { "name": "20041015 [OpenPKG-SA-2004.044] OpenPKG Security Advisory (modssl)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109786159119069\u0026w=2" }, { "name": "RHSA-2005:816", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html" }, { "name": "oval:org.mitre.oval:def:10384", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10384" }, { "name": "19072", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19072" }, { "name": "HPSBUX01123", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123" }, { "name": "apache-sslciphersuite-restriction-bypass(17671)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17671" }, { "name": "APPLE-SA-2005-08-15", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": 
"http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "RHSA-2004:600", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-600.html" }, { "name": "APPLE-SA-2005-08-17", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "102198", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=31505" }, { "name": "ADV-2006-0789", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0789" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.apacheweek.com/features/security-20" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the \"SSLCipherSuite\" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-06T10:09:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "11360", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11360" }, { "name": "RHSA-2004:562", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-562.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" }, { "name": "USN-177-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-177-1" }, { "name": "20041015 [OpenPKG-SA-2004.044] OpenPKG Security Advisory (modssl)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109786159119069\u0026w=2" }, { "name": "RHSA-2005:816", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html" }, { "name": "oval:org.mitre.oval:def:10384", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10384" }, { "name": "19072", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19072" }, { "name": "HPSBUX01123", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123" }, { "name": "apache-sslciphersuite-restriction-bypass(17671)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17671" }, { "name": "APPLE-SA-2005-08-15", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "RHSA-2004:600", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-600.html" }, { "name": "APPLE-SA-2005-08-17", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "102198", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=31505" }, { "name": "ADV-2006-0789", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0789" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.apacheweek.com/features/security-20" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E" }, { "name": 
"[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E" }, { "name": 
"[httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], 
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0885", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the \"SSLCipherSuite\" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "11360", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11360" }, { "name": "RHSA-2004:562", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-562.html" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" }, { "name": "USN-177-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-177-1" }, { "name": "20041015 [OpenPKG-SA-2004.044] OpenPKG Security Advisory (modssl)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109786159119069\u0026w=2" }, { "name": "RHSA-2005:816", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html" }, { "name": "oval:org.mitre.oval:def:10384", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10384" }, { "name": "19072", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/19072" }, { "name": "HPSBUX01123", "refsource": "HP", "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123" }, { "name": "apache-sslciphersuite-restriction-bypass(17671)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17671" }, { "name": "APPLE-SA-2005-08-15", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "RHSA-2008:0261", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "RHSA-2004:600", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-600.html" }, { "name": "APPLE-SA-2005-08-17", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "102198", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1" }, { "name": "http://issues.apache.org/bugzilla/show_bug.cgi?id=31505", "refsource": "CONFIRM", "url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=31505" }, { "name": "ADV-2006-0789", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0789" }, { "name": "http://www.apacheweek.com/features/security-20", "refsource": "CONFIRM", "url": "http://www.apacheweek.com/features/security-20" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html 
security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - 
in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0885", "datePublished": "2004-10-16T04:00:00", "dateReserved": "2004-09-22T00:00:00", "dateUpdated": "2024-08-08T00:31:47.797Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-2450
Vulnerability from cvelistv5
Published
2007-06-14 23:00
Modified
2024-08-07 13:42
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:42:32.605Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-4.html" }, { "name": "30908", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30908" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT2163" }, { "name": "239312", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "name": "36079", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/36079" }, { "name": "ADV-2008-1981", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1981/references" }, { "name": "30899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30899" }, { "name": "oval:org.mitre.oval:def:11287", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287" }, { "name": "FEDORA-2007-3456", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html" }, { "name": "ADV-2008-1979", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1979/references" }, { "name": "RHSA-2007:0569", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0569.html" }, { "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)", "tags": [ "mailing-list", 
"x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" }, { "name": "1018245", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018245" }, { "name": "33668", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33668" }, { "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded" }, { "name": "28549", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28549" }, { "name": "20070614 [CVE-2007-2450]: Apache Tomcat XSS vulnerability in Manager", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/471357/100/0/threaded" }, { "name": "APPLE-SA-2008-06-30", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" }, { "name": "ADV-2009-0233", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0233" }, { "name": "25678", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25678" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-6.html" }, { "name": "ADV-2007-3386", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "name": "30802", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", 
"x_transferred" ], "url": "http://secunia.com/advisories/30802" }, { "name": "27037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27037" }, { "name": "SSRT071447", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "name": "27727", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27727" }, { "name": "24475", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24475" }, { "name": "HPSBUX02262", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-5.html" }, { "name": "tomcat-hostmanager-xss(34868)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34868" }, { "name": "DSA-1468", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1468" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "26076", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26076" }, { "name": "JVN#07100457", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/jp/JVN%2307100457/index.html" }, { "name": "ADV-2007-2213", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2213" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" }, { "name": "MDKSA-2007:241", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241" }, { "name": "2813", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2813" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject 
arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-13T16:07:23", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-4.html" }, { "name": "30908", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30908" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT2163" }, { "name": "239312", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "name": "36079", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/36079" }, { "name": "ADV-2008-1981", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1981/references" }, { "name": "30899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30899" }, { "name": "oval:org.mitre.oval:def:11287", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287" }, { "name": "FEDORA-2007-3456", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html" }, { "name": "ADV-2008-1979", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1979/references" }, { "name": "RHSA-2007:0569", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0569.html" }, { "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)", "tags": [ "mailing-list", 
"x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" }, { "name": "1018245", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018245" }, { "name": "33668", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33668" }, { "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded" }, { "name": "28549", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28549" }, { "name": "20070614 [CVE-2007-2450]: Apache Tomcat XSS vulnerability in Manager", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/471357/100/0/threaded" }, { "name": "APPLE-SA-2008-06-30", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" }, { "name": "ADV-2009-0233", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0233" }, { "name": "25678", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25678" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-6.html" }, { "name": "ADV-2007-3386", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "name": "30802", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30802" }, { "name": "27037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27037" }, { "name": "SSRT071447", "tags": [ 
"vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "name": "27727", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27727" }, { "name": "24475", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24475" }, { "name": "HPSBUX02262", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-5.html" }, { "name": "tomcat-hostmanager-xss(34868)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34868" }, { "name": "DSA-1468", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1468" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "26076", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26076" }, { "name": "JVN#07100457", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/jp/JVN%2307100457/index.html" }, { "name": "ADV-2007-2213", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2213" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" }, { "name": "MDKSA-2007:241", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241" }, { "name": "2813", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": 
"http://securityreason.com/securityalert/2813" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2007-2450", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://tomcat.apache.org/security-4.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-4.html" }, { "name": "30908", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30908" }, { "name": "http://support.apple.com/kb/HT2163", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT2163" }, { "name": "239312", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "name": "36079", "refsource": "OSVDB", "url": "http://www.osvdb.org/36079" }, { "name": "ADV-2008-1981", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1981/references" }, { "name": "30899", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30899" }, { "name": "oval:org.mitre.oval:def:11287", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287" }, { "name": "FEDORA-2007-3456", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html" }, { "name": "ADV-2008-1979", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1979/references" }, { "name": "RHSA-2007:0569", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0569.html" }, { "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" }, { "name": "1018245", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018245" }, { "name": "33668", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33668" }, { "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": 
"http://www.securityfocus.com/archive/1/500396/100/0/threaded" }, { "name": "28549", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28549" }, { "name": "20070614 [CVE-2007-2450]: Apache Tomcat XSS vulnerability in Manager", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/471357/100/0/threaded" }, { "name": "APPLE-SA-2008-06-30", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" }, { "name": "ADV-2009-0233", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0233" }, { "name": "25678", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25678" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "http://tomcat.apache.org/security-6.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-6.html" }, { "name": "ADV-2007-3386", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "name": "30802", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30802" }, { "name": "27037", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27037" }, { "name": "SSRT071447", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "name": "27727", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27727" }, { "name": "24475", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24475" }, { "name": "HPSBUX02262", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "name": "http://tomcat.apache.org/security-5.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-5.html" }, { "name": "tomcat-hostmanager-xss(34868)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34868" }, { "name": "DSA-1468", "refsource": 
"DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1468" }, { "name": "RHSA-2008:0261", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "26076", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26076" }, { "name": "JVN#07100457", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2307100457/index.html" }, { "name": "ADV-2007-2213", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2213" }, { "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", "refsource": "CONFIRM", "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" }, { "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", "refsource": "CONFIRM", "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" }, { "name": "MDKSA-2007:241", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241" }, { "name": "2813", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2813" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", 
"assignerShortName": "redhat", "cveId": "CVE-2007-2450", "datePublished": "2007-06-14T23:00:00", "dateReserved": "2007-05-02T00:00:00", "dateUpdated": "2024-08-07T13:42:32.605Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-6388
Vulnerability from cvelistv5
Published
2008-01-08 18:00
Modified
2024-08-07 16:02
Summary
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:02:36.753Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2008:0005", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html" }, { "name": "ADV-2008-0554", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0554" }, { "name": "ADV-2008-0447", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0447/references" }, { "name": "28922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28922" }, { "name": "ADV-2008-0986", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0986/references" }, { "name": "3541", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3541" }, { "name": "28749", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28749" }, { "name": "SSA:2008-045-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.595748" }, { "name": "29988", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29988" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "ADV-2008-1623", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1623/references" }, { "name": "29806", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29806" }, { "name": "20080716 rPSA-2008-0035-1 httpd mod_ssl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/494428/100/0/threaded" }, { "name": "FEDORA-2008-1695", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html" }, { "name": "1019154", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1019154" }, { "name": "28526", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28526" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "name": "RHSA-2008:0006", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html" }, { "name": "oval:org.mitre.oval:def:10272", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10272" }, { "name": "31142", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31142" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200808e.html" }, { "name": "ADV-2008-0924", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "name": "233623", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1" }, { "name": "RHSA-2008:0007", "tags": [ 
"vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://httpd.apache.org/security/vulnerabilities_20.html" }, { "name": "ADV-2008-0047", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0047" }, { "name": "TA08-150A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "RHSA-2008:0008", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html" }, { "name": "FEDORA-2008-1711", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html" }, { "name": "RHSA-2008:0009", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0009.html" }, { "name": "MDVSA-2008:014", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014" }, { "name": "29420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29420" }, { "name": "29504", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29504" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "name": "SSRT080015", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/488082/100/0/threaded" }, { "name": "APPLE-SA-2008-03-18", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": 
"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name": "30430", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30430" }, { "name": "APPLE-SA-2008-05-28", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm" }, { "name": "apache-status-page-xss(39472)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39472" }, { "name": "ADV-2008-0809", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0809/references" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" }, { "name": "28467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28467" }, { "name": "SSRT080059", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=689039" }, { "name": "PK65782", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245" }, { "name": "HPSBUX02313", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": 
"http://www.securityfocus.com/archive/1/488082/100/0/threaded" }, { "name": "RHSA-2008:0004", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html" }, { "name": "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" }, { "name": "28607", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28607" }, { "name": "PK62966", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK62966" }, { "name": "SUSE-SA:2008:021", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html" }, { "name": "30356", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30356" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://httpd.apache.org/security/vulnerabilities_13.html" }, { "name": "PK63273", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273" }, { "name": "MDVSA-2008:015", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:015" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "name": "33200", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33200" }, { "name": "28965", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28965" }, { 
"tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/05/023342-01.pdf" }, { "name": "28471", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28471" }, { "name": "27237", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27237" }, { "name": "HPSBMA02388", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded" }, { "name": "ADV-2008-1697", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "USN-575-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-575-1" }, { "name": "29640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29640" }, { "name": "32800", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32800" }, { "name": "28977", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28977" }, { "name": "30732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30732" }, { "name": "ADV-2008-1224", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1224/references" }, { "name": "PK59667", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PK59667\u0026apar=only" }, { "name": "MDVSA-2008:016", "tags": [ 
"vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:016" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-01-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-06T10:09:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2008:0005", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html" }, { "name": "ADV-2008-0554", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0554" }, { "name": "ADV-2008-0447", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0447/references" }, { "name": "28922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28922" }, { "name": "ADV-2008-0986", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0986/references" }, { "name": "3541", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3541" }, { "name": "28749", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28749" }, { "name": "SSA:2008-045-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.595748" }, { "name": "29988", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29988" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "ADV-2008-1623", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1623/references" }, { "name": "29806", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29806" }, { "name": "20080716 
rPSA-2008-0035-1 httpd mod_ssl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/494428/100/0/threaded" }, { "name": "FEDORA-2008-1695", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html" }, { "name": "1019154", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1019154" }, { "name": "28526", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28526" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "name": "RHSA-2008:0006", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html" }, { "name": "oval:org.mitre.oval:def:10272", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10272" }, { "name": "31142", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31142" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200808e.html" }, { "name": "ADV-2008-0924", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "name": "233623", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1" }, { "name": "RHSA-2008:0007", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://httpd.apache.org/security/vulnerabilities_20.html" }, { "name": "ADV-2008-0047", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": 
"http://www.vupen.com/english/advisories/2008/0047" }, { "name": "TA08-150A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "RHSA-2008:0008", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html" }, { "name": "FEDORA-2008-1711", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html" }, { "name": "RHSA-2008:0009", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0009.html" }, { "name": "MDVSA-2008:014", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014" }, { "name": "29420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29420" }, { "name": "29504", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29504" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "name": "SSRT080015", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/488082/100/0/threaded" }, { "name": "APPLE-SA-2008-03-18", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name": "30430", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30430" }, { "name": "APPLE-SA-2008-05-28", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm" }, { "name": "apache-status-page-xss(39472)", "tags": [ "vdb-entry", 
"x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39472" }, { "name": "ADV-2008-0809", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0809/references" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" }, { "name": "28467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28467" }, { "name": "SSRT080059", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=689039" }, { "name": "PK65782", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245" }, { "name": "HPSBUX02313", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/488082/100/0/threaded" }, { "name": "RHSA-2008:0004", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html" }, { "name": "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" }, { "name": "28607", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28607" }, { "name": "PK62966", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK62966" }, { "name": "SUSE-SA:2008:021", "tags": [ 
"vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html" }, { "name": "30356", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30356" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://httpd.apache.org/security/vulnerabilities_13.html" }, { "name": "PK63273", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273" }, { "name": "MDVSA-2008:015", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:015" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "name": "33200", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33200" }, { "name": "28965", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28965" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/05/023342-01.pdf" }, { "name": "28471", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28471" }, { "name": "27237", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27237" }, { "name": "HPSBMA02388", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded" }, { "name": "ADV-2008-1697", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "USN-575-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-575-1" }, { "name": "29640", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29640" }, { "name": "32800", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32800" }, { "name": "28977", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28977" }, { "name": "30732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30732" }, { "name": "ADV-2008-1224", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1224/references" }, { "name": "PK59667", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PK59667\u0026apar=only" }, { "name": "MDVSA-2008:016", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:016" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml 
security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", 
"x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in 
/websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6388", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2008:0005", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html" }, { "name": "ADV-2008-0554", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0554" }, { "name": "ADV-2008-0447", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0447/references" }, { "name": "28922", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28922" }, { "name": "ADV-2008-0986", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0986/references" }, { "name": "3541", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3541" }, { "name": "28749", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28749" }, { "name": "SSA:2008-045-02", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.595748" }, { "name": "29988", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29988" }, { "name": "SSRT090208", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "ADV-2008-1623", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1623/references" }, { "name": "29806", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29806" }, { "name": "20080716 rPSA-2008-0035-1 httpd mod_ssl", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/494428/100/0/threaded" }, { "name": "FEDORA-2008-1695", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html" }, { "name": "1019154", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019154" }, { "name": "28526", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28526" }, { "name": 
"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "name": "RHSA-2008:0006", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html" }, { "name": "oval:org.mitre.oval:def:10272", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10272" }, { "name": "31142", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31142" }, { "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200808e.html", "refsource": "CONFIRM", "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200808e.html" }, { "name": "ADV-2008-0924", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "name": "233623", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1" }, { "name": "RHSA-2008:0007", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0007.html" }, { "name": "http://httpd.apache.org/security/vulnerabilities_20.html", "refsource": "CONFIRM", "url": "http://httpd.apache.org/security/vulnerabilities_20.html" }, { "name": "ADV-2008-0047", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0047" }, { "name": "TA08-150A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "RHSA-2008:0008", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html" }, { "name": "FEDORA-2008-1711", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html" }, { "name": "RHSA-2008:0009", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0009.html" }, { "name": "MDVSA-2008:014", "refsource": "MANDRIVA", "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2008:014" }, { "name": "29420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29420" }, { "name": "29504", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29504" }, { "name": "http://httpd.apache.org/security/vulnerabilities_22.html", "refsource": "CONFIRM", "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "name": "SSRT080015", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/488082/100/0/threaded" }, { "name": "APPLE-SA-2008-03-18", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name": "30430", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30430" }, { "name": "APPLE-SA-2008-05-28", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm" }, { "name": "apache-status-page-xss(39472)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39472" }, { "name": "ADV-2008-0809", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0809/references" }, { "name": "HPSBOV02683", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" }, { "name": "28467", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28467" }, { "name": "SSRT080059", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded" }, { "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=689039", "refsource": "CONFIRM", "url": 
"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=689039" }, { "name": "PK65782", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245" }, { "name": "HPSBUX02313", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/488082/100/0/threaded" }, { "name": "RHSA-2008:0004", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html" }, { "name": "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" }, { "name": "28607", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28607" }, { "name": "PK62966", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK62966" }, { "name": "SUSE-SA:2008:021", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html" }, { "name": "30356", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30356" }, { "name": "http://httpd.apache.org/security/vulnerabilities_13.html", "refsource": "CONFIRM", "url": "http://httpd.apache.org/security/vulnerabilities_13.html" }, { "name": "PK63273", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273" }, { "name": "MDVSA-2008:015", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:015" }, { "name": "http://docs.info.apple.com/article.html?artnum=307562", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "name": "33200", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33200" }, { "name": "28965", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28965" }, { "name": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/05/023342-01.pdf", "refsource": "CONFIRM", "url": 
"http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/05/023342-01.pdf" }, { "name": "28471", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28471" }, { "name": "27237", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27237" }, { "name": "HPSBMA02388", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded" }, { "name": "ADV-2008-1697", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "RHSA-2008:0261", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "USN-575-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-575-1" }, { "name": "29640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29640" }, { "name": "32800", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32800" }, { "name": "28977", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28977" }, { "name": "30732", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30732" }, { "name": "ADV-2008-1224", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1224/references" }, { "name": "PK59667", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PK59667\u0026apar=only" }, { "name": "MDVSA-2008:016", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:016" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ 
security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": 
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: 
r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": 
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": 
"MLIST", "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6388", "datePublished": "2008-01-08T18:00:00", "dateReserved": "2007-12-17T00:00:00", "dateUpdated": "2024-08-07T16:02:36.753Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-0243
Vulnerability from cvelistv5
Published
2007-01-17 22:00
Modified
2024-08-07 12:12
Summary
Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
References
cve-2005-0605
Vulnerability from cvelistv5
Published
2005-03-04 05:00
Modified
2024-08-07 21:21
Summary
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
References
cve-2007-3385
Vulnerability from cvelistv5
Published
2007-08-14 22:00
Modified
2024-08-07 14:14
Summary
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
References
cve-2005-3964
Vulnerability from cvelistv5
Published
2005-12-02 11:00
Modified
2024-08-07 23:31
Summary
Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c.
References
URL | Tags |
---|---|
http://www.redhat.com/support/errata/RHSA-2006-0272.html | vendor-advisory, x_refsource_REDHAT |
http://www.securityfocus.com/archive/1/418459/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9393 | vdb-entry, signature, x_refsource_OVAL |
http://securitytracker.com/id?1015303 | vdb-entry, x_refsource_SECTRACK |
http://marc.info/?l=full-disclosure&m=113349242925897&w=2 | mailing-list, x_refsource_FULLDISC |
https://exchange.xforce.ibmcloud.com/vulnerabilities/23389 | vdb-entry, x_refsource_XF |
http://www.vupen.com/english/advisories/2005/2709 | vdb-entry, x_refsource_VUPEN |
https://exchange.xforce.ibmcloud.com/vulnerabilities/23388 | vdb-entry, x_refsource_XF |
http://www.redhat.com/support/errata/RHSA-2008-0261.html | vendor-advisory, x_refsource_REDHAT |
http://www.securityfocus.com/bid/15686 | vdb-entry, x_refsource_BID |
http://www.securityfocus.com/bid/15684 | vdb-entry, x_refsource_BID |
cve-2007-5961
Vulnerability from cvelistv5
Published
2008-05-23 14:00
Modified
2024-08-07 15:47
Summary
Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1020051 | vdb-entry, x_refsource_SECTRACK |
| https://bugzilla.redhat.com/show_bug.cgi?id=396641 | x_refsource_CONFIRM |
| http://www.redhat.com/support/errata/RHSA-2008-0261.html | vendor-advisory, x_refsource_REDHAT |
| http://osvdb.org/45765 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42559 | vdb-entry, x_refsource_XF |
cve-2007-3304
Vulnerability from cvelistv5
Published
2007-06-20 22:00
Modified
2024-08-07 14:14
Summary
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
References
}, { "name": "24215", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24215" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-363.htm" }, { "name": "USN-499-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-499-1" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "26508", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26508" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm" }, { "name": "26842", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26842" }, { "name": "ADV-2007-3283", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3283" }, { "name": "20070701-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc" }, { "name": "PK53984", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK53984" }, { "name": "ADV-2007-2727", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2727" }, { "name": "26611", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26611" }, { "name": "26273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26273" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219" }, { "name": "ADV-2007-3100", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3100" }, { "name": "SSRT071476", "tags": [ "vendor-advisory", "x_refsource_HP" ], 
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in 
/websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: 
r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3304", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { 
"product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "28606", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28606" }, { "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111", "refsource": "MISC", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111" }, { "name": "MDKSA-2007:142", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:142" }, { "name": "26822", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26822" }, { "name": "ADV-2007-4305", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4305" }, { "name": "ADV-2007-3420", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3420" }, { "name": "RHSA-2007:0557", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0557.html" }, { "name": "38939", "refsource": "OSVDB", "url": "http://osvdb.org/38939" }, { "name": "PK52702", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702" }, { "name": "MDKSA-2007:140", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:140" }, { "name": "HPSBUX02273", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588" }, { "name": "25827", "refsource": 
"SECUNIA", "url": "http://secunia.com/advisories/25827" }, { "name": "25920", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25920" }, { "name": "26993", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26993" }, { "name": "28212", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28212" }, { "name": "http://security.psnc.pl/files/apache_report.pdf", "refsource": "MISC", "url": "http://security.psnc.pl/files/apache_report.pdf" }, { "name": "1018304", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018304" }, { "name": "27563", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27563" }, { "name": "27732", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27732" }, { "name": "http://svn.apache.org/viewvc?view=rev\u0026revision=547987", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=547987" }, { "name": "103179", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1" }, { "name": "27209", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27209" }, { "name": "RHSA-2007:0662", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0662.html" }, { "name": "26790", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26790" }, { "name": "RHSA-2007:0556", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2007-0556.html" }, { "name": "http://httpd.apache.org/security/vulnerabilities_20.html", "refsource": "CONFIRM", "url": "http://httpd.apache.org/security/vulnerabilities_20.html" }, { "name": "SUSE-SA:2007:061", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html" }, { "name": "20070529 Apache httpd vulenrabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/469899/100/0/threaded" }, { "name": "FEDORA-2007-2214", "refsource": "FEDORA", "url": 
"http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html" }, { "name": "[apache-httpd-dev] 20070622 Re: PID table changes (was Re: svn commit: r547987 - in /httpd/httpd/trunk)", "refsource": "MLIST", "url": "http://marc.info/?l=apache-httpd-dev\u0026m=118252946632447\u0026w=2" }, { "name": "26759", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26759" }, { "name": "ADV-2007-3494", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3494" }, { "name": "PK50467", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PK50467\u0026apar=only" }, { "name": "2007-0026", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0026/" }, { "name": "RHSA-2007:0532", "refsource": "REDHAT", "url": "http://www.redhat.com/errata/RHSA-2007-0532.html" }, { "name": "http://httpd.apache.org/security/vulnerabilities_22.html", "refsource": "CONFIRM", "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "name": "https://issues.rpath.com/browse/RPL-1710", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1710" }, { "name": "[apache-httpd-dev] 20070629 Re: [PATCH] pid safety checks for 2.2.x", "refsource": "MLIST", "url": "http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/%3c20070629141032.GA15192@redhat.com%3e" }, { "name": "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" }, { "name": "2814", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2814" }, { "name": "oval:org.mitre.oval:def:11589", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11589" }, { "name": "27121", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27121" }, { "name": "20070619 Apache Prefork MPM vulnerabilities - Report", "refsource": 
"BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/471832/100/0/threaded" }, { "name": "ADV-2008-0233", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0233" }, { "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html", "refsource": "CONFIRM", "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html" }, { "name": "26211", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26211" }, { "name": "apache-child-process-dos(35095)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35095" }, { "name": "26443", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26443" }, { "name": "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" }, { "name": "http://httpd.apache.org/security/vulnerabilities_13.html", "refsource": "CONFIRM", "url": "http://httpd.apache.org/security/vulnerabilities_13.html" }, { "name": "GLSA-200711-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml" }, { "name": "28224", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28224" }, { "name": "200032", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1" }, { "name": "25830", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25830" }, { "name": "24215", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24215" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-363.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-363.htm" }, { "name": "USN-499-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-499-1" }, { "name": "RHSA-2008:0261", "refsource": "REDHAT", "url": 
"http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "26508", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26508" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm" }, { "name": "26842", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26842" }, { "name": "ADV-2007-3283", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3283" }, { "name": "20070701-01-P", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc" }, { "name": "PK53984", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK53984" }, { "name": "ADV-2007-2727", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2727" }, { "name": "26611", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26611" }, { "name": "26273", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26273" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=186219", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219" }, { "name": "ADV-2007-3100", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3100" }, { "name": "SSRT071476", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ 
security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": 
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": 
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": 
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": 
"MLIST", "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3304", "datePublished": "2007-06-20T22:00:00", "dateReserved": "2007-06-20T00:00:00", "dateUpdated": "2024-08-07T14:14:12.838Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-0898
Vulnerability from cvelistv5
Published
2006-02-25 11:00
Modified
2024-08-07 16:48
Summary
Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.
cve-2007-3382
Vulnerability from cvelistv5
Published
2007-08-14 22:00
Modified
2024-08-07 14:14
Summary
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
cve-2007-4465
Vulnerability from cvelistv5
Published
2007-09-14 00:00
Modified
2024-08-07 14:53
Summary
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
References
cve-2007-2789
Vulnerability from cvelistv5
Published
2007-05-22 00:00
Modified
2024-08-07 13:49
Summary
The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:49:57.366Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "26933", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26933" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=307177" }, { "name": "sun-java-virtual-machine-dos(34654)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34654" }, { "name": "oval:org.mitre.oval:def:10800", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10800" }, { "name": "26049", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26049" }, { "name": "BEA07-177.00", "tags": [ "vendor-advisory", "x_refsource_BEA", "x_transferred" ], "url": "http://dev2dev.bea.com/pub/advisory/248" }, { "name": "26311", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26311" }, { "name": "20070703 Sun JDK Confusion", "tags": [ "mailing-list", "x_refsource_VIM", "x_transferred" ], "url": "http://www.attrition.org/pipermail/vim/2007-July/001696.html" }, { "name": "200856", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://scary.beasts.org/security/CESA-2006-004.html" }, { "name": "30805", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30805" }, { "name": "GLSA-200705-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": 
"http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml" }, { "name": "24004", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24004" }, { "name": "20071218 Sun JDK Confusion Revisited", "tags": [ "mailing-list", "x_refsource_VIM", "x_transferred" ], "url": "http://www.attrition.org/pipermail/vim/2007-December/001862.html" }, { "name": "26369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26369" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "102934", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1" }, { "name": "28056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28056" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29858" }, { "name": "SUSE-SA:2007:045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html" }, { "name": "ADV-2007-1836", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1836" }, { "name": "sunjava-bmp-dos(34320)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34320" }, { "name": "APPLE-SA-2007-12-14", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" }, { "name": "RHSA-2008:0100", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html" }, { 
"name": "RHSA-2007:0956", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html" }, { "name": "RHSA-2007:0817", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0817.html" }, { "name": "26645", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26645" }, { "name": "26119", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26119" }, { "name": "25832", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25832" }, { "name": "ADV-2007-4224", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/4224" }, { "name": "GLSA-200706-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200706-08.xml" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30780" }, { "name": "25295", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25295" }, { "name": "ADV-2007-3009", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3009" }, { "name": "27266", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27266" }, { "name": "SUSE-SA:2007:056", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html" }, { "name": "20070711 
Sun JDK Confusion", "tags": [ "mailing-list", "x_refsource_VIM", "x_transferred" ], "url": "http://www.attrition.org/pipermail/vim/2007-July/001708.html" }, { "name": "GLSA-200709-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml" }, { "name": "28115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28115" }, { "name": "1018182", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018182" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "29340", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29340" }, { "name": "25474", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25474" }, { "name": "RHSA-2007:1086", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html" }, { "name": "27203", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27203" }, { "name": "20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)", "tags": [ "mailing-list", "x_refsource_VIM", "x_transferred" ], "url": "http://www.attrition.org/pipermail/vim/2007-July/001697.html" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html" }, { "name": "RHSA-2007:0829", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html" }, { "name": "26631", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26631" }, { "name": "RHSA-2008:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0133.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "26933", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26933" }, { "tags": [ "x_refsource_MISC" ], "url": "http://docs.info.apple.com/article.html?artnum=307177" }, { "name": "sun-java-virtual-machine-dos(34654)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34654" }, { "name": "oval:org.mitre.oval:def:10800", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10800" }, { "name": "26049", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26049" }, { "name": "BEA07-177.00", "tags": [ "vendor-advisory", "x_refsource_BEA" ], "url": "http://dev2dev.bea.com/pub/advisory/248" }, { "name": "26311", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26311" }, { "name": "20070703 Sun JDK Confusion", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://www.attrition.org/pipermail/vim/2007-July/001696.html" }, { "name": "200856", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1" }, { "tags": [ "x_refsource_MISC" ], "url": "http://scary.beasts.org/security/CESA-2006-004.html" }, { "name": "30805", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30805" }, { "name": "GLSA-200705-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml" }, { "name": "24004", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": 
"http://www.securityfocus.com/bid/24004" }, { "name": "20071218 Sun JDK Confusion Revisited", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://www.attrition.org/pipermail/vim/2007-December/001862.html" }, { "name": "26369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26369" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "102934", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1" }, { "name": "28056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28056" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29858" }, { "name": "SUSE-SA:2007:045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html" }, { "name": "ADV-2007-1836", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1836" }, { "name": "sunjava-bmp-dos(34320)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34320" }, { "name": "APPLE-SA-2007-12-14", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" }, { "name": "RHSA-2008:0100", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html" }, { "name": "RHSA-2007:0956", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html" }, { "name": "RHSA-2007:0817", "tags": [ "vendor-advisory", 
"x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0817.html" }, { "name": "26645", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26645" }, { "name": "26119", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26119" }, { "name": "25832", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25832" }, { "name": "ADV-2007-4224", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/4224" }, { "name": "GLSA-200706-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200706-08.xml" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30780" }, { "name": "25295", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25295" }, { "name": "ADV-2007-3009", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3009" }, { "name": "27266", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27266" }, { "name": "SUSE-SA:2007:056", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html" }, { "name": "20070711 Sun JDK Confusion", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://www.attrition.org/pipermail/vim/2007-July/001708.html" }, { "name": "GLSA-200709-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml" }, { "name": "28115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28115" }, { "name": "1018182", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018182" }, { "name": 
"RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "29340", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29340" }, { "name": "25474", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25474" }, { "name": "RHSA-2007:1086", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html" }, { "name": "27203", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27203" }, { "name": "20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://www.attrition.org/pipermail/vim/2007-July/001697.html" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html" }, { "name": "RHSA-2007:0829", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html" }, { "name": "26631", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26631" }, { "name": "RHSA-2008:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0133.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2789", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] 
} } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "26933", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26933" }, { "name": "http://docs.info.apple.com/article.html?artnum=307177", "refsource": "MISC", "url": "http://docs.info.apple.com/article.html?artnum=307177" }, { "name": "sun-java-virtual-machine-dos(34654)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34654" }, { "name": "oval:org.mitre.oval:def:10800", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10800" }, { "name": "26049", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26049" }, { "name": "BEA07-177.00", "refsource": "BEA", "url": "http://dev2dev.bea.com/pub/advisory/248" }, { "name": "26311", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26311" }, { "name": "20070703 Sun JDK Confusion", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-July/001696.html" }, { "name": "200856", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1" }, { "name": "http://scary.beasts.org/security/CESA-2006-004.html", "refsource": "MISC", "url": 
"http://scary.beasts.org/security/CESA-2006-004.html" }, { "name": "30805", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30805" }, { "name": "GLSA-200705-23", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml" }, { "name": "24004", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24004" }, { "name": "20071218 Sun JDK Confusion Revisited", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-December/001862.html" }, { "name": "26369", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26369" }, { "name": "GLSA-200804-28", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "102934", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1" }, { "name": "28056", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28056" }, { "name": "29858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29858" }, { "name": "SUSE-SA:2007:045", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html" }, { "name": "ADV-2007-1836", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1836" }, { "name": "sunjava-bmp-dos(34320)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34320" }, { "name": "APPLE-SA-2007-12-14", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" }, { "name": "RHSA-2008:0100", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html" }, { "name": "RHSA-2007:0956", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html" }, { "name": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html", "refsource": "CONFIRM", "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html" }, { "name": "RHSA-2007:0817", 
"refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0817.html" }, { "name": "26645", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26645" }, { "name": "26119", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26119" }, { "name": "25832", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25832" }, { "name": "ADV-2007-4224", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4224" }, { "name": "GLSA-200706-08", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200706-08.xml" }, { "name": "30780", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30780" }, { "name": "25295", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25295" }, { "name": "ADV-2007-3009", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3009" }, { "name": "27266", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27266" }, { "name": "SUSE-SA:2007:056", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html" }, { "name": "20070711 Sun JDK Confusion", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-July/001708.html" }, { "name": "GLSA-200709-15", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml" }, { "name": "28115", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28115" }, { "name": "1018182", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018182" }, { "name": "RHSA-2008:0261", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "29340", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29340" }, { "name": "25474", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25474" }, { "name": "RHSA-2007:1086", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html" }, { "name": "27203", 
"refsource": "SECUNIA", "url": "http://secunia.com/advisories/27203" }, { "name": "20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-July/001697.html" }, { "name": "GLSA-200804-20", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html", "refsource": "CONFIRM", "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html" }, { "name": "RHSA-2007:0829", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html" }, { "name": "26631", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26631" }, { "name": "RHSA-2008:0133", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0133.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2789", "datePublished": "2007-05-22T00:00:00", "dateReserved": "2007-05-21T00:00:00", "dateUpdated": "2024-08-07T13:49:57.366Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-2435
Vulnerability from cvelistv5
Published
2007-05-02 10:00
Modified
2024-08-07 13:42
Summary
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:42:33.441Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=307177" }, { "name": "BEA07-173.00", "tags": [ "vendor-advisory", "x_refsource_BEA", "x_transferred" ], "url": "http://dev2dev.bea.com/pub/advisory/241" }, { "name": "23728", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23728" }, { "name": "ADV-2007-1814", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1814" }, { "name": "26311", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26311" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm" }, { "name": "25283", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25283" }, { "name": "35483", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35483" }, { "name": "GLSA-200705-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml" }, { "name": "ADV-2007-1598", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1598" }, { "name": "26369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26369" }, { "name": "25413", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25413" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": 
"http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29858" }, { "name": "APPLE-SA-2007-12-14", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" }, { "name": "RHSA-2007:0817", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0817.html" }, { "name": "25832", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25832" }, { "name": "ADV-2007-4224", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/4224" }, { "name": "GLSA-200706-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200706-08.xml" }, { "name": "102881", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1" }, { "name": "javawebstart-classes-privilege-escalation(33984)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33984" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30780" }, { "name": "1017986", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017986" }, { "name": "25069", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25069" }, { "name": "28115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28115" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", 
"x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "25474", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25474" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "oval:org.mitre.oval:def:10999", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999" }, { "name": "RHSA-2007:0829", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-04-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to \"Incorrect Use of System Classes\" and probably related to support for JNLP files." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://docs.info.apple.com/article.html?artnum=307177" }, { "name": "BEA07-173.00", "tags": [ "vendor-advisory", "x_refsource_BEA" ], "url": "http://dev2dev.bea.com/pub/advisory/241" }, { "name": "23728", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23728" }, { "name": "ADV-2007-1814", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1814" }, { "name": "26311", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26311" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm" }, { "name": "25283", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25283" }, { "name": "35483", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35483" }, { "name": "GLSA-200705-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml" }, { "name": "ADV-2007-1598", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1598" }, { "name": "26369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26369" }, { "name": "25413", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25413" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29858" 
}, { "name": "APPLE-SA-2007-12-14", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" }, { "name": "RHSA-2007:0817", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0817.html" }, { "name": "25832", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25832" }, { "name": "ADV-2007-4224", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/4224" }, { "name": "GLSA-200706-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200706-08.xml" }, { "name": "102881", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1" }, { "name": "javawebstart-classes-privilege-escalation(33984)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33984" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30780" }, { "name": "1017986", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017986" }, { "name": "25069", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25069" }, { "name": "28115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28115" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "25474", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25474" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": 
"GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "oval:org.mitre.oval:def:10999", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999" }, { "name": "RHSA-2007:0829", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2435", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to \"Incorrect Use of System Classes\" and probably related to support for JNLP files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://docs.info.apple.com/article.html?artnum=307177", "refsource": "MISC", "url": "http://docs.info.apple.com/article.html?artnum=307177" }, { "name": "BEA07-173.00", "refsource": "BEA", "url": "http://dev2dev.bea.com/pub/advisory/241" }, { "name": "23728", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23728" }, { "name": "ADV-2007-1814", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1814" }, { "name": "26311", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26311" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm" }, { "name": "25283", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25283" }, { "name": "35483", "refsource": "OSVDB", "url": "http://osvdb.org/35483" }, { "name": "GLSA-200705-23", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml" }, { "name": "ADV-2007-1598", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1598" }, { "name": "26369", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26369" }, { "name": "25413", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25413" }, { "name": "GLSA-200804-28", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29858" }, { "name": "APPLE-SA-2007-12-14", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" }, { "name": "RHSA-2007:0817", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0817.html" }, { "name": "25832", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25832" }, { 
"name": "ADV-2007-4224", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4224" }, { "name": "GLSA-200706-08", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200706-08.xml" }, { "name": "102881", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1" }, { "name": "javawebstart-classes-privilege-escalation(33984)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33984" }, { "name": "30780", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30780" }, { "name": "1017986", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017986" }, { "name": "25069", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25069" }, { "name": "28115", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28115" }, { "name": "RHSA-2008:0261", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "25474", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25474" }, { "name": "GLSA-200804-20", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "oval:org.mitre.oval:def:10999", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999" }, { "name": "RHSA-2007:0829", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2435", "datePublished": "2007-05-02T10:00:00", "dateReserved": "2007-05-01T00:00:00", "dateUpdated": "2024-08-07T13:42:33.441Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-7195
Vulnerability from cvelistv5
Published
2007-05-09 22:00
Modified
2024-08-07 20:57
Summary
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
cve-2005-3510
Vulnerability from cvelistv5
Published
2005-11-06 11:00
Modified
2024-08-07 23:17
Summary
Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
cve-2007-1358
Vulnerability from cvelistv5
Published
2007-05-09 22:00
Modified
2024-08-07 12:50
Summary
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:50:35.295Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-4.html" }, { "name": "30908", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30908" }, { "name": "25721", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25721" }, { "name": "ADV-2007-2732", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "name": "RHSA-2008:0630", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html" }, { "name": "239312", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "name": "ADV-2007-3087", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3087" }, { "name": "30899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30899" }, { "name": "FEDORA-2007-3456", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html" }, { "name": "31493", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31493" }, { "name": "ADV-2008-1979", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1979/references" }, { "name": "APPLE-SA-2007-07-31", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": 
"http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" }, { "name": "33668", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33668" }, { "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded" }, { "name": "ADV-2007-1729", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1729" }, { "name": "34881", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/34881" }, { "name": "24524", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24524" }, { "name": "ADV-2009-0233", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0233" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200704e.html" }, { "name": "oval:org.mitre.oval:def:10679", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10679" }, { "name": "ADV-2007-3386", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "name": "20070618 [CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": 
"http://www.securityfocus.com/archive/1/471719/100/0/threaded" }, { "name": "27037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27037" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "name": "SSRT071447", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "name": "27727", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27727" }, { "name": "HPSBUX02262", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "name": "JVN#16535199", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/jp/JVN%2316535199/index.html" }, { "name": "25159", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25159" }, { "name": "26660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26660" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "1018269", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018269" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" }, { "name": "26235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26235" }, 
{ "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\"." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-13T16:07:57", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-4.html" }, { "name": "30908", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30908" }, { "name": "25721", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25721" }, { "name": "ADV-2007-2732", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "name": "RHSA-2008:0630", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html" }, { "name": "239312", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "name": "ADV-2007-3087", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3087" }, { "name": "30899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30899" }, { "name": "FEDORA-2007-3456", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html" }, { "name": "31493", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31493" }, { "name": "ADV-2008-1979", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1979/references" }, { "name": "APPLE-SA-2007-07-31", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - 
v1.1)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" }, { "name": "33668", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33668" }, { "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded" }, { "name": "ADV-2007-1729", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1729" }, { "name": "34881", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/34881" }, { "name": "24524", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24524" }, { "name": "ADV-2009-0233", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0233" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200704e.html" }, { "name": "oval:org.mitre.oval:def:10679", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10679" }, { "name": "ADV-2007-3386", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "name": "20070618 [CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/471719/100/0/threaded" }, { "name": "27037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27037" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "name": "SSRT071447", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": 
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "name": "27727", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27727" }, { "name": "HPSBUX02262", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "name": "JVN#16535199", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/jp/JVN%2316535199/index.html" }, { "name": "25159", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25159" }, { "name": "26660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26660" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "1018269", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018269" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" }, { "name": "26235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26235" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, 
{ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2007-1358", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\"." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://tomcat.apache.org/security-4.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-4.html" }, { "name": "30908", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30908" }, { "name": "25721", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25721" }, { "name": "ADV-2007-2732", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "name": "RHSA-2008:0630", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html" }, { "name": "239312", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "name": "ADV-2007-3087", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3087" }, { "name": "30899", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30899" 
}, { "name": "FEDORA-2007-3456", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html" }, { "name": "31493", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31493" }, { "name": "ADV-2008-1979", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1979/references" }, { "name": "APPLE-SA-2007-07-31", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" }, { "name": "33668", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33668" }, { "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded" }, { "name": "ADV-2007-1729", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1729" }, { "name": "34881", "refsource": "OSVDB", "url": "http://osvdb.org/34881" }, { "name": "24524", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24524" }, { "name": "ADV-2009-0233", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0233" }, { "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200704e.html", "refsource": "CONFIRM", "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200704e.html" }, { "name": "oval:org.mitre.oval:def:10679", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10679" }, { "name": "ADV-2007-3386", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "name": "20070618 [CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing", "refsource": "BUGTRAQ", 
"url": "http://www.securityfocus.com/archive/1/471719/100/0/threaded" }, { "name": "27037", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27037" }, { "name": "http://docs.info.apple.com/article.html?artnum=306172", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "name": "SSRT071447", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "name": "27727", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27727" }, { "name": "HPSBUX02262", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "name": "JVN#16535199", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2316535199/index.html" }, { "name": "25159", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25159" }, { "name": "26660", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26660" }, { "name": "RHSA-2008:0261", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "1018269", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018269" }, { "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", "refsource": "CONFIRM", "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" }, { "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", "refsource": "CONFIRM", "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" }, { "name": "26235", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26235" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 
[19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-1358", "datePublished": "2007-05-09T22:00:00", "dateReserved": "2007-03-08T00:00:00", "dateUpdated": "2024-08-07T12:50:35.295Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5752
Vulnerability from cvelistv5
Published
2007-06-27 17:00
Modified
2024-08-07 20:04
Summary
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:04:54.716Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "28606", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28606" }, { "name": "26458", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26458" }, { "name": "MDKSA-2007:142", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:142" }, { "name": "RHSA-2007:0533", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2007-0533.html" }, { "name": "26822", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26822" }, { "name": "apache-modstatus-xss(35097)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35097" }, { "name": "ADV-2007-4305", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/4305" }, { "name": "RHSA-2007:0557", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0557.html" }, { "name": "PK52702", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702" }, { "name": "MDKSA-2007:140", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:140" }, { "name": "25827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25827" }, { "name": "25920", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", 
"x_transferred" ], "url": "http://secunia.com/advisories/25920" }, { "name": "oval:org.mitre.oval:def:10154", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10154" }, { "name": "26993", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26993" }, { "name": "28212", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28212" }, { "name": "27563", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27563" }, { "name": "27732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27732" }, { "name": "103179", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "name": "RHSA-2007:0556", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2007-0556.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://httpd.apache.org/security/vulnerabilities_20.html" }, { "name": "24645", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24645" }, { "name": "SUSE-SA:2007:061", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html" }, { "name": "FEDORA-2007-2214", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html" }, { "name": "2007-0026", "tags": [ 
"vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2007/0026/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112" }, { "name": "ADV-2007-3386", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "name": "1018302", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018302" }, { "name": "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" }, { "name": "MDKSA-2007:141", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:141" }, { "name": "ADV-2008-0233", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0233" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html" }, { "name": "27037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27037" }, { "name": "26443", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26443" }, { "name": "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://httpd.apache.org/security/vulnerabilities_13.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=549159" }, { "name": "GLSA-200711-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml" }, { "name": "RHSA-2007:0532", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0532.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1500" }, { "name": "PK49295", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PK49295\u0026apar=only" }, { "name": "28224", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28224" }, { "name": "200032", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1" }, { "name": "SSRT071447", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "name": "HPSBUX02262", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "name": "37052", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37052" }, { "name": "25830", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25830" }, { "name": "USN-499-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-499-1" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": 
"http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "26508", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26508" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm" }, { "name": "26842", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26842" }, { "name": "ADV-2007-3283", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3283" }, { "name": "ADV-2007-2727", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2727" }, { "name": "RHSA-2007:0534", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2007-0534.html" }, { "name": "26273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26273" }, { "name": "25873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25873" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html 
security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html 
security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E" }, { "name": 
"[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ 
security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving 
charsets with browsers that perform \"charset detection\" when the content-type is not specified." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-06T10:09:52", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "28606", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28606" }, { "name": "26458", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26458" }, { "name": "MDKSA-2007:142", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:142" }, { "name": "RHSA-2007:0533", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2007-0533.html" }, { "name": "26822", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26822" }, { "name": "apache-modstatus-xss(35097)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35097" }, { "name": "ADV-2007-4305", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/4305" }, { "name": "RHSA-2007:0557", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0557.html" }, { "name": "PK52702", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702" }, { "name": "MDKSA-2007:140", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:140" }, { "name": "25827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25827" }, { "name": "25920", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/25920" }, { "name": "oval:org.mitre.oval:def:10154", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10154" }, { "name": "26993", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26993" }, { "name": "28212", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28212" }, { "name": "27563", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27563" }, { "name": "27732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27732" }, { "name": "103179", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "name": "RHSA-2007:0556", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2007-0556.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://httpd.apache.org/security/vulnerabilities_20.html" }, { "name": "24645", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24645" }, { "name": "SUSE-SA:2007:061", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html" }, { "name": "FEDORA-2007-2214", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html" }, { "name": "2007-0026", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2007/0026/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "tags": [ "x_refsource_MISC" 
cve-2006-7196
Vulnerability from cvelistv5
Published
2007-05-09 22:00
Modified
2024-08-07 20:57
Summary
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
References
cve-2005-2090
Vulnerability from cvelistv5
Published
2005-06-30 04:00
Modified
2024-08-07 22:15
Summary
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
References
cve-2007-5461
Vulnerability from cvelistv5
Published
2007-10-15 18:00
Modified
2024-08-07 15:31
Summary
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
References
cve-2006-1329
Vulnerability from cvelistv5
Published
2006-03-21 01:00
Modified
2024-08-07 17:03
Summary
The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza".
References
URL | Tags
---|---
https://exchange.xforce.ibmcloud.com/vulnerabilities/25334 | vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2006/1009 | vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/17155 | vdb-entry, x_refsource_BID
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | vendor-advisory, x_refsource_APPLE
http://support.apple.com/kb/HT4077 | x_refsource_CONFIRM
http://secunia.com/advisories/19281 | third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0261.html | vendor-advisory, x_refsource_REDHAT
http://article.gmane.org/gmane.network.jabber.admin/27372 | x_refsource_CONFIRM
cve-2007-0450
Vulnerability from cvelistv5
Published
2007-03-16 22:00
Modified
2024-08-07 12:19
Summary
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
References
cve-2007-2788
Vulnerability from cvelistv5
Published
2007-05-22 00:00
Modified
2024-08-07 13:49
Summary
Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.
References
"url": "http://secunia.com/advisories/30780" }, { "name": "25295", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25295" }, { "name": "ADV-2007-3009", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3009" }, { "name": "27266", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27266" }, { "name": "SUSE-SA:2007:056", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html" }, { "name": "20070711 Sun JDK Confusion", "tags": [ "mailing-list", "x_refsource_VIM", "x_transferred" ], "url": "http://www.attrition.org/pipermail/vim/2007-July/001708.html" }, { "name": "GLSA-200709-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml" }, { "name": "28115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28115" }, { "name": "1018182", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018182" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "29340", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29340" }, { "name": "25474", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25474" }, { "name": "RHSA-2007:1086", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html" }, { "name": "27203", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", 
"x_transferred" ], "url": "http://secunia.com/advisories/27203" }, { "name": "20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)", "tags": [ "mailing-list", "x_refsource_VIM", "x_transferred" ], "url": "http://www.attrition.org/pipermail/vim/2007-July/001697.html" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html" }, { "name": "RHSA-2007:0829", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html" }, { "name": "26631", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26631" }, { "name": "oval:org.mitre.oval:def:11700", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11700" }, { "name": "RHSA-2008:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0133.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 
1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "26933", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26933" }, { "tags": [ "x_refsource_MISC" ], "url": "http://docs.info.apple.com/article.html?artnum=307177" }, { "name": "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html" }, { "name": "26049", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26049" }, { "name": "BEA07-177.00", "tags": [ "vendor-advisory", "x_refsource_BEA" ], "url": "http://dev2dev.bea.com/pub/advisory/248" }, { "name": "26311", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26311" }, { "name": "20070703 Sun JDK Confusion", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://www.attrition.org/pipermail/vim/2007-July/001696.html" }, { "name": "sun-java-image-bo(34652)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34652" }, { "name": "200856", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1" }, { "tags": [ "x_refsource_MISC" ], "url": "http://scary.beasts.org/security/CESA-2006-004.html" }, { "name": "30805", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30805" }, { 
"name": "ADV-2008-0065", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0065" }, { "name": "sunjava-iccprofile-overflow(34318)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34318" }, { "name": "VU#138545", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/138545" }, { "name": "GLSA-200705-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml" }, { "name": "24004", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24004" }, { "name": "20071218 Sun JDK Confusion Revisited", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://www.attrition.org/pipermail/vim/2007-December/001862.html" }, { "name": "26369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26369" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "102934", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1" }, { "name": "28056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28056" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29858" }, { "name": "SUSE-SA:2007:045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html" }, { "name": "ADV-2007-1836", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1836" }, { "name": "APPLE-SA-2007-12-14", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": 
"http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" }, { "name": "RHSA-2008:0100", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html" }, { "name": "RHSA-2007:0956", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html" }, { "name": "RHSA-2007:0817", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0817.html" }, { "name": "26645", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26645" }, { "name": "26119", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26119" }, { "name": "28365", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28365" }, { "name": "24267", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24267" }, { "name": "25832", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25832" }, { "name": "ADV-2007-4224", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/4224" }, { "name": "GLSA-200706-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200706-08.xml" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30780" }, { "name": "25295", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25295" }, { "name": "ADV-2007-3009", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3009" }, { "name": "27266", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27266" }, { "name": "SUSE-SA:2007:056", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html" }, { "name": "20070711 Sun JDK Confusion", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://www.attrition.org/pipermail/vim/2007-July/001708.html" }, { "name": "GLSA-200709-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml" }, { "name": "28115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28115" }, { "name": "1018182", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018182" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "29340", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29340" }, { "name": "25474", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25474" }, { "name": "RHSA-2007:1086", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html" }, { "name": "27203", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27203" }, { "name": "20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://www.attrition.org/pipermail/vim/2007-July/001697.html" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "tags": [ 
"x_refsource_CONFIRM" ], "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html" }, { "name": "RHSA-2007:0829", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html" }, { "name": "26631", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26631" }, { "name": "oval:org.mitre.oval:def:11700", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11700" }, { "name": "RHSA-2008:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0133.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2788", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "26933", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26933" }, { "name": "http://docs.info.apple.com/article.html?artnum=307177", "refsource": "MISC", "url": "http://docs.info.apple.com/article.html?artnum=307177" }, { "name": "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html" }, { "name": "26049", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26049" }, { "name": "BEA07-177.00", "refsource": "BEA", "url": "http://dev2dev.bea.com/pub/advisory/248" }, { "name": "26311", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26311" }, { "name": "20070703 Sun JDK Confusion", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-July/001696.html" }, { "name": "sun-java-image-bo(34652)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34652" }, { "name": "200856", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1" }, { "name": "http://scary.beasts.org/security/CESA-2006-004.html", "refsource": "MISC", "url": "http://scary.beasts.org/security/CESA-2006-004.html" }, { "name": "30805", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30805" }, { "name": "ADV-2008-0065", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0065" }, { "name": "sunjava-iccprofile-overflow(34318)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34318" }, { "name": "VU#138545", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/138545" }, { "name": "GLSA-200705-23", "refsource": "GENTOO", "url": 
"http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml" }, { "name": "24004", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24004" }, { "name": "20071218 Sun JDK Confusion Revisited", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-December/001862.html" }, { "name": "26369", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26369" }, { "name": "GLSA-200804-28", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "102934", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1" }, { "name": "28056", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28056" }, { "name": "29858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29858" }, { "name": "SUSE-SA:2007:045", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html" }, { "name": "ADV-2007-1836", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1836" }, { "name": "APPLE-SA-2007-12-14", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" }, { "name": "RHSA-2008:0100", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html" }, { "name": "RHSA-2007:0956", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html" }, { "name": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html", "refsource": "CONFIRM", "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html" }, { "name": "RHSA-2007:0817", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0817.html" }, { "name": "26645", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26645" }, { "name": "26119", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26119" }, { "name": "28365", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/28365" }, { "name": "24267", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24267" }, { "name": "25832", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25832" }, { "name": "ADV-2007-4224", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4224" }, { "name": "GLSA-200706-08", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200706-08.xml" }, { "name": "30780", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30780" }, { "name": "25295", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25295" }, { "name": "ADV-2007-3009", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3009" }, { "name": "27266", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27266" }, { "name": "SUSE-SA:2007:056", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html" }, { "name": "20070711 Sun JDK Confusion", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-July/001708.html" }, { "name": "GLSA-200709-15", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml" }, { "name": "28115", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28115" }, { "name": "1018182", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018182" }, { "name": "RHSA-2008:0261", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "29340", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29340" }, { "name": "25474", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25474" }, { "name": "RHSA-2007:1086", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html" }, { "name": "27203", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27203" }, { "name": "20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)", 
"refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-July/001697.html" }, { "name": "GLSA-200804-20", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html", "refsource": "CONFIRM", "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html" }, { "name": "RHSA-2007:0829", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html" }, { "name": "26631", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26631" }, { "name": "oval:org.mitre.oval:def:11700", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11700" }, { "name": "RHSA-2008:0133", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0133.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2788", "datePublished": "2007-05-22T00:00:00", "dateReserved": "2007-05-21T00:00:00", "dateUpdated": "2024-08-07T13:49:57.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-7197
Vulnerability from cvelistv5
Published
2007-04-25 20:00
Modified
2024-08-07 20:57
Summary
The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:57:39.784Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "28477", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28477" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=38859" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", 
"x_transferred" ], "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-16T00:00:00", "descriptions": [ { "lang": "en", "value": "The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-13T16:10:25", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "28477", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28477" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=38859" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" 
], "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-7197", "datePublished": "2007-04-25T20:00:00", "dateReserved": "2007-04-25T00:00:00", "dateUpdated": "2024-08-07T20:57:39.784Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-3835
Vulnerability from cvelistv5
Published
2006-07-25 00:00
Modified
2024-08-07 18:48
Summary
Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.
References
cve-2006-0254
Vulnerability from cvelistv5
Published
2006-01-18 02:00
Modified
2024-08-07 16:25
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.