Computer Security
[EN] securityvulns.ru no-pyccku


Apache Tomcat Accept-Language crossite scripting
Published:19.06.2007
Source:
SecurityVulns ID:7823
Type:remote
Threat Level:
4/10
Description:Crossite scripting with invalid Accept-Language header.
Affected:APACHE : Tomcat 4.0
 APACHE : Tomcat 4.1
 APACHE : Tomcat 5.0
 APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
CVE:CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".)
Original documentdocumentAPACHE, [CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing (19.06.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod