CVE-2007-3386
CVE-2007-3386
Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
Productos afectados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/30495no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspxhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554http://jvn.jp/jp/JVN%2359851336/index.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://osvdb.org/36417http://secunia.com/advisories/26465http://secunia.com/advisories/26898http://secunia.com/advisories/27037http://secunia.com/advisories/27267http://secunia.com/advisories/27727http://secunia.com/advisories/28317