ID CVE-2006-7195
Summary Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 13-02-2023 - 02:16)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
oval via4
accepted 2013-04-29T04:06:20.140-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
family unix
id oval:org.mitre.oval:def:10514
status accepted
submitted 2010-07-09T03:56:16-04:00
title Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
version 18
redhat via4
advisories
  • rhsa
    id RHSA-2007:0327
  • rhsa
    id RHSA-2008:0261
rpms
  • jakarta-commons-modeler-0:2.0-3jpp_2rh
  • jakarta-commons-modeler-javadoc-0:2.0-3jpp_2rh
  • tomcat5-0:5.5.23-0jpp_4rh.3
  • tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.3
  • tomcat5-common-lib-0:5.5.23-0jpp_4rh.3
  • tomcat5-jasper-0:5.5.23-0jpp_4rh.3
  • tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.3
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.3
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.3
  • tomcat5-server-lib-0:5.5.23-0jpp_4rh.3
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.3
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.3
  • tomcat5-webapps-0:5.5.23-0jpp_4rh.3
  • jakarta-commons-modeler-0:1.1-8jpp.1.0.2.el5
  • jakarta-commons-modeler-debuginfo-0:1.1-8jpp.1.0.2.el5
  • jakarta-commons-modeler-javadoc-0:1.1-8jpp.1.0.2.el5
  • tomcat5-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-admin-webapps-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-common-lib-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-debuginfo-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-jasper-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-jasper-javadoc-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-server-lib-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-webapps-0:5.5.23-0jpp.1.0.3.el5
  • jakarta-commons-modeler-0:2.0-3jpp_3rh
  • tomcat5-0:5.5.23-0jpp_6rh
  • tomcat5-common-lib-0:5.5.23-0jpp_6rh
  • tomcat5-jasper-0:5.5.23-0jpp_6rh
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp_6rh
  • tomcat5-server-lib-0:5.5.23-0jpp_6rh
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp_6rh
  • tomcat5-0:5.0.30-0jpp_5rh
  • tomcat5-admin-webapps-0:5.0.30-0jpp_5rh
  • tomcat5-webapps-0:5.0.30-0jpp_5rh
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh
  • jabberd-0:2.0s10-3.37.rhn
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-0:2.1.30-9.RHEL3.8
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-9.RHEL3.8
  • perl-Crypt-CBC-0:2.24-1.el3
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel3
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel3
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel3
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel3
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh
refmap via4
bid 28481
bugtraq
  • 20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1
  • 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
  • 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
confirm
mlist [Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1
secunia
  • 28365
  • 33668
vupen
  • ADV-2007-1729
  • ADV-2008-0065
  • ADV-2009-0233
Last major update 13-02-2023 - 02:16
Published 10-05-2007 - 00:19
Last modified 13-02-2023 - 02:16