CVE-2006-7196
published 2007-05-10CVE-2006-7196: Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30…
PriorityP433medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
72.17%
99.4th percentile
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
Affected
54 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | <= 4.1.31 | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
Detection & IOCsextracted from sources · hover to see the quote
urlhttp://www.example.com/examples/jsp/cal/cal2.jsp?time=8am%3cscript%3ealert("XSS!")%3c%2fscript%3e↗
- →Monitor HTTP requests targeting the 'time' parameter of cal2.jsp within the Tomcat JSP examples directory for unsanitized script injection payloads. ↗
- →Detect access to the Tomcat example JSP calendar application path '/examples/jsp/cal/cal2.jsp'; this path should not be publicly accessible in production environments. ↗
- →Look for URL-encoded script tags (e.g., %3cscript%3e, %3c%2fscript%3e) in the 'time' query parameter of requests to cal2.jsp as an indicator of active exploitation attempts. ↗
- ·The vulnerable calendar application is part of the JSP examples bundled with Tomcat; if the JSP examples are not deployed or are access-restricted, the attack surface is eliminated. ↗
- ·The vulnerability is fixed in Apache Tomcat 5.5.16 and later; versions 4.0.0–4.0.6, 4.1.0–4.1.31, 5.0.0–5.0.30, and 5.5.0–5.5.15 are affected. ↗
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
ghsa4.3MEDIUM
osv4.3MEDIUM
vendor_redhat4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Cross-site scripting in Apache Tomcat
ghsa·2022-05-01·CVSS 4.3
CVE-2006-7196 [MEDIUM] CWE-79 Cross-site scripting in Apache Tomcat
Cross-site scripting in Apache Tomcat
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
OSV
Cross-site scripting in Apache Tomcat
osv·2022-05-01·CVSS 4.3
CVE-2006-7196 [MEDIUM] Cross-site scripting in Apache Tomcat
Cross-site scripting in Apache Tomcat
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
Red Hat
tomcat XSS in example webapps
vendor_redhat·2007-04-26·CVSS 4.3
CVE-2006-7196 [MEDIUM] CWE-79 tomcat XSS in example webapps
tomcat XSS in example webapps
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
No detection rules found.
Bugzilla
CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_5.0]
bugzilla·2008-01-10·CVSS 4.3
CVE-2007-5333 [MEDIUM] CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_5.0]
CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_5.0]
rhn_satellite_5.0 tracking bug: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes in the 'blocks' bugs.
For the security issues handling process overview see: http://intranet.corp.redhat.com/ic/intranet/SecurityZStreamFAQ
[bug automatically created by: add-tracking-bugs]
Discussion:
[root@rlx-3-18 RPMS]# ls tomcat5-5.0.30-0jpp_9rh.noarch.rpm
tomcat5-5.0.30-0jpp_9rh.noarch.rpm
[root@rlx-3-18 RPMS]# pwd
/tmp/mnt/RPMS
[root@rlx-3-18 RPMS]#
verified
---
This is not a bug. The real issue that was talked about is actually:
private bug Bugzilla Bug 430731: CVE-2007-5461 CVE-2007-3385 CVE-2007-3382
CVE-2007-1358 CVE-2007-1355 CVE-2007
Bugzilla
A number of tomcat issues
bugzilla·2007-05-09·CVSS 5.0
CVE-2005-3164 [MEDIUM] A number of tomcat issues
A number of tomcat issues
A number of issues affected tomcat 4.0.6 as distributed with Stronghold. Most
of these are minor severity, all need triaging:
http://tomcat.apache.org/security-4.html
Information disclosure CVE-2005-3164
Information disclosure CVE-2005-2090
Directory traversal CVE-2007-0450
Cross-site scripting CVE-2007-1358
Cross-site scripting CVE-2006-7196
Directory listing CVE-2006-3835
Cross-site scripting CVE-2005-4838
Denial of service CVE-2005-3510
Denial of service CVE-2003-0866
Information disclosure CVE-2002-2006
Discussion:
closing; Stronghold has reached end of life.
Bugzilla
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835 CVE-2005-3510 CVE-2005-4838)
bugzilla·2007-04-30·CVSS 4.3
CVE-2005-2090 [MEDIUM] CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835 CVE-2005-3510 CVE-2005-4838)
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835 CVE-2005-3510 CVE-2005-4838)
A number of flaws affect the version of Tomcat5 shipped with RHAPS-EL3 (last
updated in RHSA-2006:0592 to 5.0.28). Please see linked bugs for details.
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2007-0340.html
Bugzilla
CVE-2006-7196 tomcat XSS in example webapps
bugzilla·2007-04-27·CVSS 4.3
CVE-2006-7196 [MEDIUM] CVE-2006-7196 tomcat XSS in example webapps
CVE-2006-7196 tomcat XSS in example webapps
According to http://tomcat.apache.org/security-5.html
Fixed in Apache Tomcat 5.5.16
Cross-site scripting CVE-2006-7196
The calendar application included as part of the JSP examples is susceptible to
a cross-site scripting attack as it does not escape user provided data before
including it in the returned page.
Affects: 5.0.0-5.0.30, 5.5.0-5.5.15
Advisory text: "The calendar application in the JSP examples did not escape
displayed values. If the JSP examples are accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks. (CVE-2006-7196)"
Discussion:
This was addressed via:
Red Hat Application Server v2 4AS (RHSA-2007:0326)
Red Hat Application Server 3AS (RHSA-2007:0340)
Red Hat Network Satellite Server 5.0
Bugzilla
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835)
bugzilla·2007-04-19·CVSS 4.3
CVE-2005-2090 [MEDIUM] CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835)
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835)
A number of flaws affect the version of Tomcat5 shipped with RHAPS2 (last
updated in RHSA-2006:0161 to 5.5.12). Please see linked bugs for details.
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2007-0326.html
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspxhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlhttp://osvdb.org/34888http://secunia.com/advisories/29242http://secunia.com/advisories/33668http://support.avaya.com/elmodocs2/security/ASA-2007-206.htmhttp://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540http://tomcat.apache.org/security-4.htmlhttp://tomcat.apache.org/security-5.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0261.htmlhttp://www.securityfocus.com/archive/1/478491/100/0/threadedhttp://www.securityfocus.com/archive/1/478609/100/0/threadedhttp://www.securityfocus.com/archive/1/500396/100/0/threadedhttp://www.securityfocus.com/archive/1/500412/100/0/threadedhttp://www.securityfocus.com/bid/25531http://www.vupen.com/english/advisories/2007/1729http://www.vupen.com/english/advisories/2009/0233https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3Ehttp://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspxhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlhttp://osvdb.org/34888http://secunia.com/advisories/29242http://secunia.com/advisories/33668http://support.avaya.com/elmodocs2/security/ASA-2007-206.htmhttp://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540http://tomcat.apache.org/security-4.htmlhttp://tomcat.apache.org/security-5.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0261.htmlhttp://www.securityfocus.com/archive/1/478491/100/0/threadedhttp://www.securityfocus.com/archive/1/478609/100/0/threadedhttp://www.securityfocus.com/archive/1/500396/100/0/threadedhttp://www.securityfocus.com/archive/1/500412/100/0/threadedhttp://www.securityfocus.com/bid/25531http://www.vupen.com/english/advisories/2007/1729http://www.vupen.com/english/advisories/2009/0233https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
2007-05-10
Published