Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability

Bugtraq ID: 25314
Class: Input Validation Error
CVE: CVE-2007-3386
Remote: Yes
Local: No
Published: Aug 14 2007 12:00AM
Updated: Feb 18 2009 06:57PM
Credit: NTT OSS CENTER discovered this issue and worked with JPCERT/CC to report it to the vendor.
Vulnerable: SuSE SUSE Linux Enterprise Server 10 SP2
Redhat Fedora 7
Redhat Enterprise Linux Desktop Workstation 5 client
Redhat Enterprise Linux Desktop 5 client
Redhat Enterprise Linux 5 Server
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
Mandriva Linux Mandrake 2007.1 x86_64
Mandriva Linux Mandrake 2007.1
HP Tru64 UNIX 5.1B-4
HP Tru64 UNIX 5.1.0 PK6
HP Tru64 UNIX 5.1.0 B-4
HP Tru64 UNIX 5.1.0 B-3
HP Internet Express 6.7
HP Internet Express 6.6
HP Internet Express 6.5
HP HP-UX B.11.31
HP HP-UX B.11.23
HP HP-UX B.11.11
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
Computer Associates Cohesion Application Configuration Manager 4.5
Apache Tomcat 6.0.13
Apache Tomcat 6.0.12
Apache Tomcat 6.0.11
Apache Tomcat 6.0.10
Apache Tomcat 6.0.9
Apache Tomcat 6.0.8
Apache Tomcat 6.0.7
Apache Tomcat 6.0.6
Apache Tomcat 6.0.5
Apache Tomcat 6.0.4
Apache Tomcat 6.0.3
Apache Tomcat 6.0.2
Apache Tomcat 6.0.1
Apache Tomcat 6.0
Apache Tomcat 5.5.24
Apache Tomcat 5.5.23
Apache Tomcat 5.5.22
Apache Tomcat 5.5.21
Apache Tomcat 5.5.20
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Tomcat 5.5.19
Apache Tomcat 5.5.18
Apache Tomcat 5.5.17
Apache Tomcat 5.5.16
Apache Tomcat 5.5.15
Apache Tomcat 5.5.14
Apache Tomcat 5.5.13
Apache Tomcat 5.5.12
Apache Tomcat 5.5.11
Apache Tomcat 5.5.10
Apache Tomcat 5.5.9
Apache Tomcat 5.5.8
Apache Tomcat 5.5.7
Apache Tomcat 5.5.6
Apache Tomcat 5.5.5
Apache Tomcat 5.5.4
Apache Tomcat 5.5.3
Apache Tomcat 5.5.2
Apache Tomcat 5.5.1
Apache Tomcat 5.5
Not Vulnerable: Computer Associates Cohesion Application Configuration Manager 4.5 SP1
Apache Tomcat 6.0.14


 

Copyright 2010, SecurityFocus