CVE-2007-1355

Published: May 21, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

Affected (52)

Products: Apache: Tomcat

Apache

1 product

Tomcat

Configuration A

52 vulnerable

Vulnerable Software	Affected Versions
Apache Tomcat	Version 4.0.0
Apache Tomcat	Version 4.0.1
Apache Tomcat	Version 4.0.2
Apache Tomcat	Version 4.0.3
Apache Tomcat	Version 4.0.4
Apache Tomcat	Version 4.0.5
Apache Tomcat	Version 4.0.6
Apache Tomcat	Version 4.1.10
Apache Tomcat	Version 4.1.15
Apache Tomcat	Version 4.1.24
Apache Tomcat	Version 4.1.28
Apache Tomcat	Version 4.1.31
Apache Tomcat	Version 5.0.10
Apache Tomcat	Version 5.0.11
Apache Tomcat	Version 5.0.12
Apache Tomcat	Version 5.0.13
Apache Tomcat	Version 5.0.14
Apache Tomcat	Version 5.0.15
Apache Tomcat	Version 5.0.16
Apache Tomcat	Version 5.0.17
Apache Tomcat	Version 5.0.18
Apache Tomcat	Version 5.0.19
Apache Tomcat	Version 5.0.1
Apache Tomcat	Version 5.0.21
Apache Tomcat	Version 5.0.22
Apache Tomcat	Version 5.0.23
Apache Tomcat	Version 5.0.24
Apache Tomcat	Version 5.0.25
Apache Tomcat	Version 5.0.26
Apache Tomcat	Version 5.0.27
Apache Tomcat	Version 5.0.28
Apache Tomcat	Version 5.0.29
Apache Tomcat	Version 5.0.2
Apache Tomcat	Version 5.0.30
Apache Tomcat	Version 5.0.3
Apache Tomcat	Version 5.0.4
Apache Tomcat	Version 5.0.5
Apache Tomcat	Version 5.0.6
Apache Tomcat	Version 5.0.7
Apache Tomcat	Version 5.0.8
Apache Tomcat	Version 5.0.9
Apache Tomcat	Version 6.0.0
Apache Tomcat	Version 6.0.10
Apache Tomcat	Version 6.0.1
Apache Tomcat	Version 6.0.2
Apache Tomcat	Version 6.0.3
Apache Tomcat	Version 6.0.4
Apache Tomcat	Version 6.0.5
Apache Tomcat	Version 6.0.6
Apache Tomcat	Version 6.0.7
Apache Tomcat	Version 6.0.8
Apache Tomcat	Version 6.0.9

References (68)

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

Source: secalert@redhat.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

Source: secalert@redhat.com

http://osvdb.org/34875

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2008-0630.html

Source: secalert@redhat.com

http://secunia.com/advisories/27037

Source: secalert@redhat.com

http://secunia.com/advisories/27727

Source: secalert@redhat.com

http://secunia.com/advisories/30802

Source: secalert@redhat.com

http://secunia.com/advisories/30899

Source: secalert@redhat.com

http://secunia.com/advisories/30908

Source: secalert@redhat.com

http://secunia.com/advisories/31493

Source: secalert@redhat.com

http://secunia.com/advisories/33668

Source: secalert@redhat.com

http://securityreason.com/securityalert/2722

Source: secalert@redhat.com

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

Source: secalert@redhat.com

http://support.apple.com/kb/HT2163

Source: secalert@redhat.com

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

Source: secalert@redhat.com

http://tomcat.apache.org/security-4.html

Source: secalert@redhat.com

http://tomcat.apache.org/security-5.html

Source: secalert@redhat.com

http://tomcat.apache.org/security-6.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2008-0261.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/469067/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/500396/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/500412/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/24058

Source: secalert@redhat.com

ExploitPatch

http://www.vupen.com/english/advisories/2007/3386

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2008/1979/references

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2008/1981/references

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2009/0233

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/34377

Source: secalert@redhat.com

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6111

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

Source: secalert@redhat.com

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx