jvndb-2007-000598
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Apache Tomcat Host Manager cross-site scripting vulnerability
Details
Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. The Host Manager Servlet does not properly filter user supplied data. This enables an cross-site scripting attack.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000598.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\n\r\nThe Host Manager Servlet does not properly filter user supplied data. This enables an cross-site scripting attack.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000598.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:tomcat",
      "@product": "Apache Tomcat",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:hp:hp-ux",
      "@product": "HP-UX",
      "@vendor": "Hewlett-Packard Development Company,L.P",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:rhel_desktop_workstation",
      "@product": "RHEL Desktop Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000598",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN59851336/index.html",
      "@id": "JVN#59851336",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386",
      "@id": "CVE-2007-3386",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3386",
      "@id": "CVE-2007-3386",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/26465/",
      "@id": "SA26465",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/25314",
      "@id": "25314",
      "@source": "BID"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/2880",
      "@id": "FrSIRT/ADV-2007-2880",
      "@source": "FRSIRT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Apache Tomcat Host Manager cross-site scripting vulnerability"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.