CVE-2007-1358

Properties

Published: 08.05.2007
Updated: 29.01.2009
Patch available:
Severity: Low
CVSS vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Product: apache: tomcat

Vulnerability description

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

References:

FRSIRT: http://www.frsirt.com/english/advisories/2007/1729
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/500412/100/0/threaded
FRSIRT: http://www.frsirt.com/english/advisories/2009/0233
CONFIRM: http://tomcat.apache.org/security-4.html
CONFIRM: http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
SECUNIA: http://secunia.com/advisories/33668
SECUNIA: http://secunia.com/advisories/31493
REDHAT: http://rhn.redhat.com/errata/RHSA-2008-0630.html
CONFIRM: http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
FEDORA: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
SECTRACK: http://www.securitytracker.com/id?1018269
BID: http://www.securityfocus.com/bid/25159
BID: http://www.securityfocus.com/bid/24524
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/471719/100/0/threaded
REDHAT: http://www.redhat.com/support/errata/RHSA-2008-0261.html
CONFIRM: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200704e.html
FRSIRT: http://www.frsirt.com/english/advisories/2008/1979/references
FRSIRT: http://www.frsirt.com/english/advisories/2007/3386
FRSIRT: http://www.frsirt.com/english/advisories/2007/3087
FRSIRT: http://www.frsirt.com/english/advisories/2007/2732
SUNALERT: http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
SECUNIA: http://secunia.com/advisories/30908
SECUNIA: http://secunia.com/advisories/30899
SECUNIA: http://secunia.com/advisories/27727
SECUNIA: http://secunia.com/advisories/27037
SECUNIA: http://secunia.com/advisories/26660
SECUNIA: http://secunia.com/advisories/26235
SECUNIA: http://secunia.com/advisories/25721
APPLE: http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
JVN: http://jvn.jp/jp/JVN%2316535199/index.html
HP: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
CONFIRM: http://docs.info.apple.com/article.html?artnum=306172