ID CVE-2007-3384
Summary Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 3.3
    cpe:2.3:a:apache:tomcat:3.3
  • Apache Software Foundation Tomcat 3.3.1
    cpe:2.3:a:apache:tomcat:3.3.1
  • Apache Software Foundation Tomcat 3.3.1a
    cpe:2.3:a:apache:tomcat:3.3.1a
  • Apache Software Foundation Tomcat 3.3.2
    cpe:2.3:a:apache:tomcat:3.3.2
CVSS
Base: 4.3 (as of 08-08-2007 - 09:28)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
NASL family Web Servers
NASL id TOMCAT_3_3_2.NASL
description According to its self-reported version number, the instance of Apache Tomcat 3.x listening on the remote host is prior to 3.3.2, It is, therefore, affected by multiple vulnerabilities. Unspecified cross-site scripting vulnerabilities exist in the 'ROOT' and example applications shipped with this version of Tomcat. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
last seen 2019-02-21
modified 2018-11-15
plugin id 50526
published 2010-11-09
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=50526
title Apache Tomcat 3.x < 3.3.2 Multiple Vulnerabilities
refmap via4
bid 25174
bugtraq 20070802 CVE-2007-3384: XSS in Tomcat cookies example
confirm http://tomcat.apache.org/security-3.html
osvdb 39035
sectrack 1018503
sreason 2971
Last major update 15-11-2008 - 01:52
Published 07-08-2007 - 21:17
Last modified 16-10-2018 - 12:48
Back to Top