Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2007-3383
Last Modified 07 Mar 2011 09:56:11
Published 25 Jul 2007 01:30:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-3383

Summary

Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.

Vulnerable Systems

Application

  • Apache Tomcat 4.0.0

  • Apache Tomcat 4.0.1

  • Apache Tomcat 4.0.2

  • Apache Tomcat 4.0.3

  • Apache Tomcat 4.0.4

  • Apache Tomcat 4.0.5

  • Apache Tomcat 4.0.6

  • Apache Tomcat 4.1.0

  • Apache Tomcat 4.1.1

  • Apache Tomcat 4.1.10

  • Apache Tomcat 4.1.15

  • Apache Tomcat 4.1.2

  • Apache Tomcat 4.1.24

  • Apache Tomcat 4.1.28

  • Apache Tomcat 4.1.3

  • Apache Tomcat 4.1.31

  • Apache Tomcat 4.1.36


References

CERT-VN - VU#862600

XF - tomcat-sendmail-example-xss(35536)

BUGTRAQ - 20070721 CVE-2007-3383: XSS in Tomcat send mail example

CONFIRM - http://tomcat.apache.org/security-4.html

VUPEN - ADV-2008-1981

VUPEN - ADV-2007-2618

CONFIRM - http://support.apple.com/kb/HT2163

SECUNIA - 30802

OSVDB - 39000

APPLE - APPLE-SA-2008-06-30

BID - 24999

SREASON - 2918

Related Patches

Apple 2008-06-30 Security Update 2008-004 (PPC)

Apple 2008-06-30 Security Update 2008-004 Server (PPC)

Apple 2008-06-30 Security Update 2008-004 (Intel)

Apple 2008-06-30 Security Update 2008-004 Server (Intel)


Last Updated: 27 May 2016 10:45:34