← back
CVE-2007-3386

CVE-2007-3386

EPSS 59.0%
Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/30495unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspxhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554http://jvn.jp/jp/JVN%2359851336/index.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://osvdb.org/36417http://secunia.com/advisories/26465http://secunia.com/advisories/26898http://secunia.com/advisories/27037http://secunia.com/advisories/27267http://secunia.com/advisories/27727http://secunia.com/advisories/28317