Rapid7 Vulnerability & Exploit Database

ELSA-2007-0871 Moderate: Enterprise Linux tomcat security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2007-0871 Moderate: Enterprise Linux tomcat security update

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

08/14/2007

Created

07/25/2018

Added

12/20/2011

Modified

04/11/2019

Description

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Solution(s)

oracle-linux-upgrade-tomcat5
oracle-linux-upgrade-tomcat5-admin-webapps
oracle-linux-upgrade-tomcat5-common-lib
oracle-linux-upgrade-tomcat5-jasper
oracle-linux-upgrade-tomcat5-jasper-javadoc
oracle-linux-upgrade-tomcat5-jsp-2-0-api
oracle-linux-upgrade-tomcat5-jsp-2-0-api-javadoc
oracle-linux-upgrade-tomcat5-server-lib
oracle-linux-upgrade-tomcat5-servlet-2-4-api
oracle-linux-upgrade-tomcat5-servlet-2-4-api-javadoc
oracle-linux-upgrade-tomcat5-webapps

References

https://attackerkb.com/topics/cve-2007-3382
APPLE-SA-2008-06-30
25314
25316
993544
CVE - 2007-3382
CVE - 2007-3385
CVE - 2007-3386
DSA-1447
DSA-1453
OVAL10077
OVAL11269
OVAL9549
RHSA-2007:0871
RHSA-2007:0950
RHSA-2008:0195
RHSA-2008:0261
http://oss.oracle.com/pipermail/el-errata/2007-September/000337.html
35999
36001
36006

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;