CVE-2007-3384

Published: Aug 8, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.

Affected (4)

Products: Apache: Tomcat

Apache

1 product

Tomcat

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apache Tomcat	Version 3.3.1
Apache Tomcat	Version 3.3.1a
Apache Tomcat	Version 3.3.2
Apache Tomcat	Version 3.3

References (12)

http://osvdb.org/39035

Source: secalert@redhat.com

http://securityreason.com/securityalert/2971

Source: secalert@redhat.com

http://securitytracker.com/id?1018503

Source: secalert@redhat.com

http://tomcat.apache.org/security-3.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/475321/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/25174

Source: secalert@redhat.com

Patch

http://osvdb.org/39035