Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2007-1355
Last Modified 24 Aug 2013 01:25:41
Published 21 May 2007 04:30:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-1355

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

Vulnerable Systems

Application

  • Apache Tomcat 4.0.0

  • Apache Tomcat 4.0.1

  • Apache Tomcat 4.0.2

  • Apache Tomcat 4.0.3

  • Apache Tomcat 4.0.4

  • Apache Tomcat 4.0.5

  • Apache Tomcat 4.0.6

  • Apache Tomcat 4.1.10

  • Apache Tomcat 4.1.15

  • Apache Tomcat 4.1.24

  • Apache Tomcat 4.1.28

  • Apache Tomcat 4.1.31

  • Apache Tomcat 5.0.1

  • Apache Tomcat 5.0.10

  • Apache Tomcat 5.0.11

  • Apache Tomcat 5.0.12

  • Apache Tomcat 5.0.13

  • Apache Tomcat 5.0.14

  • Apache Tomcat 5.0.15

  • Apache Tomcat 5.0.16

  • Apache Tomcat 5.0.17

  • Apache Tomcat 5.0.18

  • Apache Tomcat 5.0.19

  • Apache Tomcat 5.0.2

  • Apache Tomcat 5.0.21

  • Apache Tomcat 5.0.22

  • Apache Tomcat 5.0.23

  • Apache Tomcat 5.0.24

  • Apache Tomcat 5.0.25

  • Apache Tomcat 5.0.26

  • Apache Tomcat 5.0.27

  • Apache Tomcat 5.0.28

  • Apache Tomcat 5.0.29

  • Apache Tomcat 5.0.3

  • Apache Tomcat 5.0.30

  • Apache Tomcat 5.0.4

  • Apache Tomcat 5.0.5

  • Apache Tomcat 5.0.6

  • Apache Tomcat 5.0.7

  • Apache Tomcat 5.0.8

  • Apache Tomcat 5.0.9

  • Apache Tomcat 6.0.0

  • Apache Tomcat 6.0.1

  • Apache Tomcat 6.0.10

  • Apache Tomcat 6.0.2

  • Apache Tomcat 6.0.3

  • Apache Tomcat 6.0.4

  • Apache Tomcat 6.0.5

  • Apache Tomcat 6.0.6

  • Apache Tomcat 6.0.7

  • Apache Tomcat 6.0.8

  • Apache Tomcat 6.0.9


References

BID - 24058

VUPEN - ADV-2009-0233

VUPEN - ADV-2008-1981

VUPEN - ADV-2008-1979

VUPEN - ADV-2007-3386

BUGTRAQ - 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)

BUGTRAQ - 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities

BUGTRAQ - 20070519 [CVE-2007-1355] Tomcat documentation XSS vulnerabilities

CONFIRM - http://tomcat.apache.org/security-6.html

CONFIRM - http://tomcat.apache.org/security-5.html

CONFIRM - http://tomcat.apache.org/security-4.html

CONFIRM - http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

SECUNIA - 33668

SECUNIA - 31493

REDHAT - RHSA-2008:0630

HP - HPSBUX02262

CONFIRM - http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

FEDORA - FEDORA-2007-3456

XF - tomcat-hello-xss(34377)

REDHAT - RHSA-2008:0261

CONFIRM - http://support.apple.com/kb/HT2163

SUNALERT - 239312

SREASON - 2722

SECUNIA - 30908

SECUNIA - 30899

SECUNIA - 30802

SECUNIA - 27727

SECUNIA - 27037

APPLE - APPLE-SA-2008-06-30

OSVDB - 34875

HP - SSRT071447

Related Patches

Apple 2008-06-30 Security Update 2008-004 (PPC)

Apple 2008-06-30 Security Update 2008-004 Server (PPC)

Apple 2008-06-30 Security Update 2008-004 (Intel)

Apple 2008-06-30 Security Update 2008-004 Server (Intel)


Last Updated: 27 May 2016 10:58:25