Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability

Bugtraq ID: 24999
Class: Input Validation Error
CVE: CVE-2007-3383
Remote: Yes
Local: No
Published: Jul 21 2007 12:00AM
Updated: Jul 01 2008 12:40AM
Credit: Tomasz Kuczynski is credited with the discovery of this vulnerability.
Vulnerable: Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apache Tomcat 4.1.36
Apache Tomcat 4.1.34
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Tomcat 4.1.24
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Tomcat 4.1.12
Apache Tomcat 4.1.10
Apache Tomcat 4.1.9 beta
Apache Tomcat 4.1.3 beta
Apache Tomcat 4.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Debian Linux 2.3
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.5
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- Redhat Linux 6.2 i386
- Redhat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 3.3
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Tomcat 4.0.6
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Tomcat 4.0.5
+ Redhat Stronghold 4.0
Apache Tomcat 4.0.4
Apache Tomcat 4.0.3
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
Apache Tomcat 4.0.2
Apache Tomcat 4.0.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- Redhat Linux 6.2 i386
- Redhat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 3.3
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Tomcat 4.0
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- Redhat Linux 6.2 i386
- Redhat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus