CVE-2007-1358

Published: May 10, 2007Modified: Apr 23, 2026

2.6

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability: 4.9 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

Affected (9)

Products: Apache: Tomcat

Apache

1 product

Tomcat

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Apache Tomcat	Up to 4.1.31
Apache Tomcat	Version 4.0.0
Apache Tomcat	Version 4.0.1
Apache Tomcat	Version 4.0.2
Apache Tomcat	Version 4.0.3
Apache Tomcat	Version 4.0.4
Apache Tomcat	Version 4.0.5
Apache Tomcat	Version 4.0.6
Apache Tomcat	Version 4.1.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (76)

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

Source: secalert@redhat.com

http://docs.info.apple.com/article.html?artnum=306172

Source: secalert@redhat.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

Source: secalert@redhat.com

http://jvn.jp/jp/JVN%2316535199/index.html

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

Source: secalert@redhat.com

http://osvdb.org/34881

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2008-0630.html

Source: secalert@redhat.com

http://secunia.com/advisories/25721

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/26235

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/26660

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/27037

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/27727

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/30899

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/30908

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/31493

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/33668

Source: secalert@redhat.com

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

Source: secalert@redhat.com

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

Source: secalert@redhat.com

http://tomcat.apache.org/security-4.html

Source: secalert@redhat.com

Vendor Advisory

http://www.fujitsu.com/global/support/software/security/products-f/interstage-200704e.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2008-0261.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/471719/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/500396/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/500412/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/24524

Source: secalert@redhat.com

http://www.securityfocus.com/bid/25159

Source: secalert@redhat.com

http://www.securitytracker.com/id?1018269

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2007/1729

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2007/2732

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2007/3087

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2007/3386

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2008/1979/references

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2009/0233

Source: secalert@redhat.com

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10679

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

Source: secalert@redhat.com

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx