CVE-2007-1355: XSS
First published: Mon May 21 2007(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tomcat | =4.0.0 | |
| Tomcat | =4.0.1 | |
| Tomcat | =4.0.2 | |
| Tomcat | =4.0.3 | |
| Tomcat | =4.0.4 | |
| Tomcat | =4.0.5 | |
| Tomcat | =4.0.6 | |
| Tomcat | =4.1.10 | |
| Tomcat | =4.1.15 | |
| Tomcat | =4.1.24 | |
| Tomcat | =4.1.28 | |
| Tomcat | =4.1.31 | |
| Tomcat | =5.0.1 | |
| Tomcat | =5.0.2 | |
| Tomcat | =5.0.3 | |
| Tomcat | =5.0.4 | |
| Tomcat | =5.0.5 | |
| Tomcat | =5.0.6 | |
| Tomcat | =5.0.7 | |
| Tomcat | =5.0.8 | |
| Tomcat | =5.0.9 | |
| Tomcat | =5.0.10 | |
| Tomcat | =5.0.11 | |
| Tomcat | =5.0.12 | |
| Tomcat | =5.0.13 | |
| Tomcat | =5.0.14 | |
| Tomcat | =5.0.15 | |
| Tomcat | =5.0.16 | |
| Tomcat | =5.0.17 | |
| Tomcat | =5.0.18 | |
| Tomcat | =5.0.19 | |
| Tomcat | =5.0.21 | |
| Tomcat | =5.0.22 | |
| Tomcat | =5.0.23 | |
| Tomcat | =5.0.24 | |
| Tomcat | =5.0.25 | |
| Tomcat | =5.0.26 | |
| Tomcat | =5.0.27 | |
| Tomcat | =5.0.28 | |
| Tomcat | =5.0.29 | |
| Tomcat | =5.0.30 | |
| Tomcat | =6.0.0 | |
| Tomcat | =6.0.1 | |
| Tomcat | =6.0.2 | |
| Tomcat | =6.0.3 | |
| Tomcat | =6.0.4 | |
| Tomcat | =6.0.5 | |
| Tomcat | =6.0.6 | |
| Tomcat | =6.0.7 | |
| Tomcat | =6.0.8 | |
| Tomcat | =6.0.9 | |
| Tomcat | =6.0.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://tomcat.apache.org/security-4.html
- http://tomcat.apache.org/security-5.html
- http://tomcat.apache.org/security-6.html
- http://www.securityfocus.com/bid/24058
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
- http://secunia.com/advisories/27037
- http://secunia.com/advisories/27727
- http://securityreason.com/securityalert/2722
- http://www.redhat.com/support/errata/RHSA-2008-0261.html
- http://support.apple.com/kb/HT2163
- http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
- http://secunia.com/advisories/30802
- http://secunia.com/advisories/30908
- http://secunia.com/advisories/30899
- http://rhn.redhat.com/errata/RHSA-2008-0630.html
- http://secunia.com/advisories/31493
- http://secunia.com/advisories/33668
- http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
- http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
- http://www.vupen.com/english/advisories/2009/0233
- http://www.vupen.com/english/advisories/2007/3386
- http://www.vupen.com/english/advisories/2008/1979/references
- http://www.vupen.com/english/advisories/2008/1981/references
- http://osvdb.org/34875
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34377
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6111
- http://www.securityfocus.com/archive/1/500412/100/0/threaded
- http://www.securityfocus.com/archive/1/500396/100/0/threaded
- http://www.securityfocus.com/archive/1/469067/100/0/threaded
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
Frequently Asked Questions
What is the severity of CVE-2007-1355?
CVE-2007-1355 is classified as a medium severity vulnerability due to its potential to allow cross-site scripting attacks.
How do I fix CVE-2007-1355?
To fix CVE-2007-1355, upgrade your Apache Tomcat installation to the latest version that is not vulnerable.
What are the affected versions in CVE-2007-1355?
CVE-2007-1355 affects Apache Tomcat versions 4.0.0 through 6.0.10.
What types of attacks can CVE-2007-1355 facilitate?
CVE-2007-1355 allows remote attackers to inject arbitrary web scripts or HTML, leading to potential exploitation through cross-site scripting.
Is CVE-2007-1355 easy to exploit?
Yes, CVE-2007-1355 is relatively easy to exploit due to the nature of cross-site scripting vulnerabilities.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/author
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-historical
- vendor/apache
- canonical/tomcat
- version/tomcat/4.0.0
- version/tomcat/4.0.1
- version/tomcat/4.0.2
- version/tomcat/4.0.3
- version/tomcat/4.0.4
- version/tomcat/4.0.5
- version/tomcat/4.0.6
- version/tomcat/4.1.10
- version/tomcat/4.1.15
- version/tomcat/4.1.24
- version/tomcat/4.1.28
- version/tomcat/4.1.31
- version/tomcat/5.0.1
- version/tomcat/5.0.2
- version/tomcat/5.0.3
- version/tomcat/5.0.4
- version/tomcat/5.0.5
- version/tomcat/5.0.6
- version/tomcat/5.0.7
- version/tomcat/5.0.8
- version/tomcat/5.0.9
- version/tomcat/5.0.10
- version/tomcat/5.0.11
- version/tomcat/5.0.12
- version/tomcat/5.0.13
- version/tomcat/5.0.14
- version/tomcat/5.0.15
- version/tomcat/5.0.16
- version/tomcat/5.0.17
- version/tomcat/5.0.18
- version/tomcat/5.0.19
- version/tomcat/5.0.21
- version/tomcat/5.0.22
- version/tomcat/5.0.23
- version/tomcat/5.0.24
- version/tomcat/5.0.25
- version/tomcat/5.0.26
- version/tomcat/5.0.27
- version/tomcat/5.0.28
- version/tomcat/5.0.29
- version/tomcat/5.0.30
- version/tomcat/6.0.0
- version/tomcat/6.0.1
- version/tomcat/6.0.2
- version/tomcat/6.0.3
- version/tomcat/6.0.4
- version/tomcat/6.0.5
- version/tomcat/6.0.6
- version/tomcat/6.0.7
- version/tomcat/6.0.8
- version/tomcat/6.0.9
- version/tomcat/6.0.10