Apache Tomcat Accept-Language crossite scripting - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Apache Tomcat Accept-Language crossite scripting
Published: 19.06.2007
Source: BUGTRAQ
SecurityVulns ID: 7823
Type: remote
Level: 4/10
Description: Crossite scripting with invalid Accept-Language header.

Affected: APACHE : Tomcat 4.0
APACHE : Tomcat 4.1
APACHE : Tomcat 5.0
APACHE : Tomcat 5.5
APACHE : Tomcat 6.0
CVE: CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".)

Original document APACHE, [CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing (19.06.2007)

Discuss: Read or add your comments to this news (0 comments)