CVE-2006-7195: XSS
First published: Thu Apr 19 2007(Updated: )
According to <a href="http://tomcat.apache.org/security-5.html">http://tomcat.apache.org/security-5.html</a> Fixed in Apache Tomcat 5.5.18 Cross-site scripting <a href="https://access.redhat.com/security/cve/CVE-2006-7195">CVE-2006-7195</a> The implict-objects.jsp in the examples webapp displayed a number of unfiltered header values. This enabled a XSS attack. These values are now filtered. Affects: 5.0.0-5.0.HEAD, 5.5.0-5.5.17
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/jakarta-commons-modeler | <0:1.1-8jpp.1.0.2.el5 | 0:1.1-8jpp.1.0.2.el5 |
| redhat/tomcat5 | <0:5.5.23-0jpp.1.0.3.el5 | 0:5.5.23-0jpp.1.0.3.el5 |
| redhat/java | <1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 | 1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 |
| redhat/rhn-apache | <0:1.3.27-36.rhn.rhel4 | 0:1.3.27-36.rhn.rhel4 |
| redhat/rhn-modjk | <0:1.2.23-2rhn.rhel4 | 0:1.2.23-2rhn.rhel4 |
| redhat/rhn-modperl | <0:1.29-16.rhel4 | 0:1.29-16.rhel4 |
| redhat/rhn-modssl | <0:2.8.12-8.rhn.10.rhel4 | 0:2.8.12-8.rhn.10.rhel4 |
| redhat/java | <1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 | 1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 |
| redhat/rhn-apache | <0:1.3.27-36.rhn.rhel3 | 0:1.3.27-36.rhn.rhel3 |
| redhat/rhn-modjk | <0:1.2.23-2rhn.rhel3 | 0:1.2.23-2rhn.rhel3 |
| redhat/rhn-modperl | <0:1.29-16.rhel3 | 0:1.29-16.rhel3 |
| redhat/rhn-modssl | <0:2.8.12-8.rhn.10.rhel3 | 0:2.8.12-8.rhn.10.rhel3 |
| maven/org.apache.tomcat:tomcat | >=5.5.0<=5.5.17 | 5.5.18 |
| maven/org.apache.tomcat:tomcat | >=5.0.0<=5.0.30 | |
| Tomcat | =5.0.0 | |
| Tomcat | =5.0.1 | |
| Tomcat | =5.0.2 | |
| Tomcat | =5.0.10 | |
| Tomcat | =5.0.11 | |
| Tomcat | =5.0.12 | |
| Tomcat | =5.0.13 | |
| Tomcat | =5.0.14 | |
| Tomcat | =5.0.15 | |
| Tomcat | =5.0.16 | |
| Tomcat | =5.0.17 | |
| Tomcat | =5.0.18 | |
| Tomcat | =5.0.19 | |
| Tomcat | =5.0.21 | |
| Tomcat | =5.0.22 | |
| Tomcat | =5.0.23 | |
| Tomcat | =5.0.24 | |
| Tomcat | =5.0.25 | |
| Tomcat | =5.0.26 | |
| Tomcat | =5.0.27 | |
| Tomcat | =5.0.28 | |
| Tomcat | =5.0.29 | |
| Tomcat | =5.0.30 | |
| Tomcat | =5.5.0 | |
| Tomcat | =5.5.5 | |
| Tomcat | =5.5.6 | |
| Tomcat | =5.5.7 | |
| Tomcat | =5.5.8 | |
| Tomcat | =5.5.9 | |
| Tomcat | =5.5.10 | |
| Tomcat | =5.5.11 | |
| Tomcat | =5.5.12 | |
| Tomcat | =5.5.13 | |
| Tomcat | =5.5.14 | |
| Tomcat | =5.5.15 | |
| Tomcat | =5.5.16 | |
| Tomcat | =5.5.17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://tomcat.apache.org/security-5.html
- http://www.redhat.com/support/errata/RHSA-2007-0327.html
- http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
- http://lists.vmware.com/pipermail/security-announce/2008/000003.html
- http://secunia.com/advisories/28365
- http://www.securityfocus.com/bid/28481
- http://www.redhat.com/support/errata/RHSA-2008-0261.html
- http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
- http://secunia.com/advisories/33668
- http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
- http://www.vupen.com/english/advisories/2009/0233
- http://www.vupen.com/english/advisories/2007/1729
- http://www.vupen.com/english/advisories/2008/0065
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10514
- http://www.securityfocus.com/archive/1/500412/100/0/threaded
- http://www.securityfocus.com/archive/1/500396/100/0/threaded
- http://www.securityfocus.com/archive/1/485938/100/0/threaded
- https://nvd.nist.gov/vuln/detail/CVE-2006-7195
- https://access.redhat.com/errata/RHSA-2007:0326
- https://access.redhat.com/errata/RHSA-2007:0327
- https://access.redhat.com/errata/RHSA-2007:0328
- https://access.redhat.com/errata/RHSA-2007:0340
- https://access.redhat.com/errata/RHSA-2008:0261
- https://access.redhat.com/errata/RHSA-2008:0524
- https://access.redhat.com/security/cve/CVE-2006-7195
- https://bugzilla.redhat.com/show_bug.cgi?id=237081
- https://web.archive.org/web/20080515114843/http://www.securityfocus.com/bid/28481
- https://web.archive.org/web/20171015140308/http://www.securityfocus.com/archive/1/500396/100/0/threaded
- https://web.archive.org/web/20171015140313/http://www.securityfocus.com/archive/1/500412/100/0/threaded
- https://web.archive.org/web/20201021082255/http://www.securityfocus.com/archive/1/485938/100/0/threaded
- https://web.archive.org/web/20230518052431/http://lists.vmware.com/pipermail/security-announce/2008/000003.html
- https://github.com/advisories/GHSA-p57v-p3fx-qgwm (Advisory)
- https://www.cve.org/CVERecord?id=CVE-2006-7195 https://nvd.nist.gov/vuln/detail/CVE-2006-7195
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7195.json
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2006-7195?
CVE-2006-7195 has been classified as a cross-site scripting vulnerability with a medium level of severity.
How do I fix CVE-2006-7195?
To fix CVE-2006-7195, upgrade Apache Tomcat to version 5.5.18 or later.
Which versions of Apache Tomcat are affected by CVE-2006-7195?
CVE-2006-7195 affects Apache Tomcat versions 5.0.0 to 5.0.30 and 5.5.0 to 5.5.17.
What types of attacks can CVE-2006-7195 allow?
CVE-2006-7195 can allow attackers to execute arbitrary scripts in a user's browser.
When was CVE-2006-7195 published?
CVE-2006-7195 was published on January 2, 2007.
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2006-7195
- collector/redhat-cve
- agent/software-canonical-lookup
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-p57v-p3fx-qgwm
- agent/weakness
- agent/references
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/event
- collector/github-advisory
- agent/trending
- agent/source
- agent/author
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-historical
- package-manager/redhat
- package-manager/maven
- vendor/apache
- canonical/tomcat
- version/tomcat/5.0.0
- version/tomcat/5.0.1
- version/tomcat/5.0.2
- version/tomcat/5.0.10
- version/tomcat/5.0.11
- version/tomcat/5.0.12
- version/tomcat/5.0.13
- version/tomcat/5.0.14
- version/tomcat/5.0.15
- version/tomcat/5.0.16
- version/tomcat/5.0.17
- version/tomcat/5.0.18
- version/tomcat/5.0.19
- version/tomcat/5.0.21
- version/tomcat/5.0.22
- version/tomcat/5.0.23
- version/tomcat/5.0.24
- version/tomcat/5.0.25
- version/tomcat/5.0.26
- version/tomcat/5.0.27
- version/tomcat/5.0.28
- version/tomcat/5.0.29
- version/tomcat/5.0.30
- version/tomcat/5.5.0
- version/tomcat/5.5.5
- version/tomcat/5.5.6
- version/tomcat/5.5.7
- version/tomcat/5.5.8
- version/tomcat/5.5.9
- version/tomcat/5.5.10
- version/tomcat/5.5.11
- version/tomcat/5.5.12
- version/tomcat/5.5.13
- version/tomcat/5.5.14
- version/tomcat/5.5.15
- version/tomcat/5.5.16
- version/tomcat/5.5.17