Vulnerability Details : CVE-2007-1355
Potential exploit
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2007-1355
- cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
Threat overview for CVE-2007-1355
Top countries where our scanners detected CVE-2007-1355
Top open port discovered on systems with this issue
80
IPs affected by CVE-2007-1355 2,714
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2007-1355!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2007-1355
78.99%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-1355
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
References for CVE-2007-1355
-
http://www.securityfocus.com/archive/1/469067/100/0/threaded
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6111
-
http://secunia.com/advisories/30899
About Secunia Research | Flexera
-
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
error - ecx_site - ECX
-
http://www.securityfocus.com/archive/1/500396/100/0/threaded
-
http://tomcat.apache.org/security-5.html
Apache Tomcat® - Apache Tomcat 5 vulnerabilities
-
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/-Apache Mail Archives
-
http://secunia.com/advisories/30802
About Secunia Research | Flexera
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
-
http://www.securityfocus.com/archive/1/500412/100/0/threaded
-
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/-Apache Mail Archives
-
http://tomcat.apache.org/security-4.html
Apache Tomcat® - Apache Tomcat 4.x vulnerabilities
-
http://secunia.com/advisories/27727
-
http://tomcat.apache.org/security-6.html
Apache Tomcat® - Apache Tomcat 6 vulnerabilities
-
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
Apache Mail Archives
-
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
Apache Mail Archives
-
http://rhn.redhat.com/errata/RHSA-2008-0630.html
RHSA-2008:0630 - Security Advisory - Red Hat Customer Portal
-
http://osvdb.org/34875
-
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
-
http://www.vupen.com/english/advisories/2008/1981/references
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://support.apple.com/kb/HT2163
About the security content of Security Update 2008-004 and Mac OS X 10.5.4 - Apple Support
-
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/-Apache Mail Archives
-
http://secunia.com/advisories/30908
About Secunia Research | Flexera
-
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/-Apache Mail Archives
-
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
-
http://secunia.com/advisories/31493
About Secunia Research | Flexera
-
http://secunia.com/advisories/27037
About Secunia Research | Flexera
-
http://www.vupen.com/english/advisories/2008/1979/references
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://www.vupen.com/english/advisories/2007/3386
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://www.securityfocus.com/bid/24058
Exploit;Patch
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/34377
-
http://securityreason.com/securityalert/2722
-
http://www.vupen.com/english/advisories/2009/0233
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://www.redhat.com/support/errata/RHSA-2008-0261.html
Support
-
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
Home - Broadcom Community - Discussion Forums, Technical Docs, Ideas and Blogs
-
http://secunia.com/advisories/33668
About Secunia Research | Flexera
Jump to