CVE-2007-1358
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
Affected products
n/a · n/a
References
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://docs.info.apple.com/article.html?artnum=306172
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://jvn.jp/jp/JVN%2316535199/index.html
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://osvdb.org/34881
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://secunia.com/advisories/25721
http://secunia.com/advisories/26235
http://secunia.com/advisories/26660
http://secunia.com/advisories/27037
http://secunia.com/advisories/27727