Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability

Bugtraq ID: 24999
Class: Input Validation Error
CVE: CVE-2007-3383
Remote: Yes
Local: No
Published: Jul 21 2007 12:00AM
Updated: Jul 01 2008 12:40AM
Credit: Tomasz Kuczynski is credited with the discovery of this vulnerability.
Vulnerable: Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apache Software Foundation Tomcat 4.1.36
Apache Software Foundation Tomcat 4.1.34
+ Gentoo Linux 1.4 _rc3
 + Gentoo Linux 1.4 _rc2
 + Gentoo Linux 1.4 _rc1
 + Gentoo Linux 1.2
Apache Software Foundation Tomcat 4.1.24
+ Gentoo Linux 1.4 _rc3
 + Gentoo Linux 1.4 _rc2
 + Gentoo Linux 1.4 _rc1
 + Gentoo Linux 1.2
Apache Software Foundation Tomcat 4.1.12
Apache Software Foundation Tomcat 4.1.10
Apache Software Foundation Tomcat 4.1.9 beta
Apache Software Foundation Tomcat 4.1.3 beta
Apache Software Foundation Tomcat 4.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.3
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.5
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
 - NetBSD NetBSD 1.4.1 x86
 - RedHat Linux 6.2 i386
 - RedHat Linux 6.1 i386
 - SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 3.3
- Sun Solaris 8_sparc
 - Sun Solaris 7.0
 Apache Software Foundation Tomcat 4.0.6
+ Gentoo Linux 1.4 _rc3
 + Gentoo Linux 1.4 _rc2
 + Gentoo Linux 1.4 _rc1
 + Gentoo Linux 1.2
Apache Software Foundation Tomcat 4.0.5
+ RedHat Stronghold 4.0
Apache Software Foundation Tomcat 4.0.4
Apache Software Foundation Tomcat 4.0.3
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 Apache Software Foundation Tomcat 4.0.2
Apache Software Foundation Tomcat 4.0.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
 - NetBSD NetBSD 1.4.1 x86
 - RedHat Linux 6.2 i386
 - RedHat Linux 6.1 i386
 - SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 3.3
- Sun Solaris 8_sparc
 - Sun Solaris 7.0
 Apache Software Foundation Tomcat 4.0
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
 - NetBSD NetBSD 1.4.1 x86
 - RedHat Linux 6.2 i386
 - RedHat Linux 6.1 i386
 - SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8_sparc
 - Sun Solaris 7.0
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus