CVE-2007-3384

Опубликовано: 08 авг. 2007

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.

Ссылки

http://osvdb.org/39035
http://securityreason.com/securityalert/2971
http://securitytracker.com/id?1018503
http://tomcat.apache.org/security-3.html
http://www.securityfocus.com/archive/1/475321/100/0/threaded
http://www.securityfocus.com/bid/25174
Patch
http://osvdb.org/39035
http://securityreason.com/securityalert/2971
http://securitytracker.com/id?1018503
http://tomcat.apache.org/security-3.html
http://www.securityfocus.com/archive/1/475321/100/0/threaded
http://www.securityfocus.com/bid/25174
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:3.3.2:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02821

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-36hp-4x3g-phrg

github

около 3 лет назад

Apache Tomcat's CookieExample Vulnerable to XSS