CVE-2007-1355 - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

CVE CVE-2007-1355
Status Candidate
Description Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
Severity Low
CVSS score 1,9
CVSS vector (AV:R/AC:H/Au:NR/C:N/I:P/A:N/B:N)
Phase Assigned (08.03.2007)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1355
References BID : 24058
BUGTRAQ : 20070519 [CVE-2007-1355] Tomcat documentation XSS vulnerabilities
CONFIRM : http://tomcat.apache.org/security-4.html
CONFIRM : http://tomcat.apache.org/security-5.html
CONFIRM : http://tomcat.apache.org/security-6.html
XF : tomcat-hello-xss(34377)
SecurityVulns: Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

test server