Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1355Cross-site Scripting in Apache Tomcat

CWE-79Cross-site Scripting8 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
83.3%
top 0.73%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Tomcat
Timeline
PublishedMay 21
Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDapache/tomcat52 versions+51

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
Apache Tomcat Vulnerable to Cross-Site Scripting2022-05-01
OSV
Apache Tomcat Vulnerable to Cross-Site Scripting2022-05-01
CVEList
CVE-2007-1355: Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello2007-05-21

💥Exploits & PoCs

1
Exploit-DB
Apache Tomcat 6.0.10 - Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities2007-05-19

📋Vendor Advisories

1
Red Hat
tomcat XSS in samples2007-05-19

💬Community

2
Bugzilla
CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_5.0]2008-01-10
Bugzilla
CVE-2007-1355 tomcat XSS in samples2007-08-17
CVE-2007-1355 — Cross-site Scripting in Apache Tomcat | cvebase