CVE-2006-7196
published 2007-05-10


Priority: P4 · 33 · medium
CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
EXPLOIT
EPSS: 72.17% (99.4th percentile)
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.

Affected

54 ranges· showing 25
Vendor / Product / Version range / Fixed in
apache / tomcat / <= 4.1.31 / (not given)

Detection & IOCs (extracted from sources)

url: http://www.example.com/examples/jsp/cal/cal2.jsp?time=8am%3cscript%3ealert("XSS!")%3c%2fscript%3e
path: /examples/jsp/cal/cal2.jsp
filename: cal2.jsp
  • Monitor HTTP requests targeting the 'time' parameter of cal2.jsp within the Tomcat JSP examples directory for unsanitized script injection payloads.
  • Detect access to the Tomcat example JSP calendar application path '/examples/jsp/cal/cal2.jsp'; this path should not be publicly accessible in production environments.
  • Look for URL-encoded script tags (e.g., %3cscript%3e, %3c%2fscript%3e) in the 'time' query parameter of requests to cal2.jsp as an indicator of active exploitation attempts.
  • The vulnerable calendar application is part of the JSP examples bundled with Tomcat; if the JSP examples are not deployed or are access-restricted, the attack surface is eliminated.
  • The vulnerability is fixed in Apache Tomcat 5.5.16 and later; versions 4.0.0–4.0.6, 4.1.0–4.1.31, 5.0.0–5.0.30, and 5.5.0–5.5.15 are affected.
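The three detection bullets above, turned into a log scan as an added example (not part of this record or of the Tomcat project): it flags any request into the calendar example path at low severity and raises it to high when the decoded 'time' parameter of cal2.jsp carries script or HTML markup, including double-encoded payloads. The log lines, the Combined Log Format regex and the markup pattern are constructed assumptions for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Combined Log Format); not taken from any real server
SAMPLE_LOG = """\
10.0.0.5 - - [10/May/2007:12:01:02 +0000] "GET /examples/jsp/cal/cal2.jsp?time=8am%3cscript%3ealert(%22XSS!%22)%3c%2fscript%3e HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.6 - - [10/May/2007:12:01:05 +0000] "GET /examples/jsp/cal/cal2.jsp?time=8am HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [10/May/2007:12:01:09 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/7.19"
10.0.0.8 - - [10/May/2007:12:02:00 +0000] "GET /examples/jsp/cal/cal1.jsp HTTP/1.1" 200 800 "-" "Mozilla/5.0"
"""

# Minimal Combined Log Format parser: client IP, timestamp, method, request target, status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Markup that should never appear in a time-of-day value once percent-decoding is undone
MARKUP_RE = re.compile(r'<\s*/?\s*script|<\s*\w+[^>]*\bon\w+\s*=|javascript:', re.IGNORECASE)
EXAMPLES_PATH = "/examples/jsp/cal/"


def classify(line):
    """Return (severity, reason, client_ip) for one log line, or None if nothing notable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))  # works for both "/path?q" and absolute URLs
    if not parts.path.startswith(EXAMPLES_PATH):
        return None
    if parts.path.endswith("/cal2.jsp"):
        # parse_qs decodes one layer of percent-encoding; unquote twice more to
        # catch double- and triple-encoded payloads such as %253cscript%253e
        for value in parse_qs(parts.query).get("time", []):
            decoded = unquote(unquote(value))
            if MARKUP_RE.search(decoded):
                return ("high", "script/HTML markup in cal2.jsp time parameter", m.group("ip"))
    # Any hit on the examples path is worth a ticket: it should not be reachable in production
    return ("low", "access to Tomcat JSP calendar example path", m.group("ip"))


def scan(log_text):
    """Run classify over every line and return only the findings."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for severity, reason, ip in scan(SAMPLE_LOG):
        print(f"{severity:<5} {ip:<10} {reason}")
```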

CVSS provenance

nvd: CVSS v2.0 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:P/A:N)
ghsa: 4.3 MEDIUM
osv: 4.3 MEDIUM
vendor_redhat: 4.3 MEDIUM