CVE-2007-3384

Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/39035
http://securityreason.com/securityalert/2971
http://securitytracker.com/id?1018503
http://tomcat.apache.org/security-3.html
http://www.securityfocus.com/archive/1/475321/100/0/threaded
http://www.securityfocus.com/bid/25174	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:tomcat:3.3:::::::*
	cpe:2.3:a:apache:tomcat:3.3.1:::::::*
	cpe:2.3:a:apache:tomcat:3.3.1a:::::::*
	cpe:2.3:a:apache:tomcat:3.3.2:::::::*

History

No history.

Information

Published : 2007-08-08 01:17

Updated : 2018-10-16 16:48

NVD link : CVE-2007-3384

Mitre link : CVE-2007-3384

CVE.ORG link : CVE-2007-3384

JSON object : View

Products Affected

apache

tomcat

CWE

NVD-CWE-Other

{"id": "CVE-2007-3384", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-08-08T01:17:00.000", "references": [{"url": "http://osvdb.org/39035", "source": "secalert@redhat.com"}, {"url": "http://securityreason.com/securityalert/2971", "source": "secalert@redhat.com"}, {"url": "http://securitytracker.com/id?1018503", "source": "secalert@redhat.com"}, {"url": "http://tomcat.apache.org/security-3.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/475321/100/0/threaded", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/25174", "tags": ["Patch"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en examples/servlet/CookieExample de Apache Tomcat 3.3 hasta 3.3.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante los campos (1) Name o (2) Value, relacionado con mensajes de error."}], "lastModified": "2018-10-16T16:48:48.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0CDF9E1-9412-450E-B1D4-438F128FFF9E"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32561F50-6385-4D71-AFAC-3D2F8DB55A4B"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D51D88E7-6F5C-42B0-BAD6-7DCD9A357B43"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C091BCC4-4B19-4304-A807-FE3BB3BCC8CA"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}