CVE-2007-1355
published 2007-05-21


Priority: P4 · CVSS 2.0 base score 4.3 (medium), vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploit: public proof of concept known
EPSS: 58.25% (99.0th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

Affected

52 ranges in the source, 25 shown; the per-row version columns did not survive extraction. Consolidated from the description and the fix list on this page:

Vendor   Product   Version range     Fixed in
apache   tomcat    4.0.0 - 4.0.6     (none listed)
apache   tomcat    4.1.0 - 4.1.36    4.1.HEAD
apache   tomcat    5.0.0 - 5.0.30    5.0.HEAD
apache   tomcat    5.5.0 - 5.5.23    5.5.24
apache   tomcat    6.0.0 - 6.0.10    6.0.11

Detection & IOCs (extracted from sources)

URL (PoC): http://www.example.com/tomcat-docs/appdev/sample/web/hello.jsp?test=alert(document.domain)
Path: /tomcat-docs/appdev/sample/web/hello.jsp
  • Monitor HTTP requests to /tomcat-docs/appdev/sample/web/hello.jsp that carry a test query parameter; that parameter is the known injection vector for this CVE.
  • The public proof of concept injects JavaScript through the test parameter, which the sample page reflects into its HTML without escaping. The stored PoC URL shows only alert(document.domain), which is inert on its own, so the enclosing script tag was most likely lost when the source was extracted; match on tag-like or script-like content in the URL-decoded test value rather than on that literal string.
  • A reachable hello.jsp on a Tomcat instance in the affected ranges (4.0.0–4.0.6, 4.1.0–4.1.36, 5.0.0–5.0.30, 5.5.0–5.5.23, 6.0.0–6.0.10) is an unpatched, exploitable endpoint; even a request with no test parameter is worth noting, since it shows the sample application is deployed and reachable.
  • The vulnerable page is part of the bundled documentation/sample web application (tomcat-docs); remove or undeploy it in production to eliminate the attack surface entirely.
  • Exploitation can steal cookie-based authentication credentials; set the HttpOnly and Secure flags on session cookies as a compensating control (HttpOnly blocks document.cookie reads but does not prevent other effects of script execution in the victim's browser).
  • Fixed versions are Tomcat 6.0.11, 5.5.24, 5.0.HEAD and 4.1.HEAD; any instance below these with the sample app deployed remains vulnerable.
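Detection logic for the bullets above, written as an added example for this entry (not code from the page's sources or from the Tomcat project): it parses access-log lines in Tomcat's "common" AccessLogValve format, flags requests to hello.jsp whose URL-decoded test parameter carries tag-like or script-like content (including once-double-encoded payloads), and checks a Tomcat version string against the affected ranges and fix versions listed on this page. The log lines are constructed for the example, the IP addresses come from documentation ranges, and the indicator regexes are heuristics rather than a complete XSS grammar.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Path of the vulnerable sample page, as given in the IOC section of this entry.
VULN_PATH = "/tomcat-docs/appdev/sample/web/hello.jsp"

# Affected ranges and fixed versions as listed on this page; the page names no
# fix for the 4.0.x branch, so that entry carries None.
AFFECTED = [
    ((4, 0, 0), (4, 0, 6), None),
    ((4, 1, 0), (4, 1, 36), "4.1.HEAD"),
    ((5, 0, 0), (5, 0, 30), "5.0.HEAD"),
    ((5, 5, 0), (5, 5, 23), "5.5.24"),
    ((6, 0, 0), (6, 0, 10), "6.0.11"),
]

# Heuristic indicators for the reflected 'test' value.  The bare
# alert(document.domain) shown in the PoC URL is inert without a tag around
# it, so tag-like and script-like content are both flagged.
MARKUP_RE = re.compile(
    r"<\s*/?\s*[a-z!]|javascript\s*:"
    r"|\bon(click|load|error|mouse[a-z]*|focus|blur|key[a-z]*)\s*=", re.I)
SCRIPTISH_RE = re.compile(
    r"\b(alert|prompt|confirm|eval)\s*\(|document\.(cookie|domain|location)", re.I)

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def parse_version(version):
    """'6.0.10' -> (6, 0, 10); trailing qualifiers such as '-beta' are ignored."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def affected_range(version):
    """Return (low, high, fixed_in) for the affected range that contains
    `version`, or None when the version lies outside every listed range."""
    v = parse_version(version)
    for low, high, fixed_in in AFFECTED:
        if low <= v <= high:
            return low, high, fixed_in
    return None


def inspect_target(target):
    """Classify one request target.  Returns None for anything other than
    hello.jsp; otherwise the decoded 'test' values and an XSS verdict."""
    parts = urlsplit(target)
    if parts.path != VULN_PATH:
        return None
    # parse_qs percent-decodes once; the second unquote_plus catches a
    # double-encoded payload (%253C -> %3C -> <) aimed at naive filters.
    raw = parse_qs(parts.query, keep_blank_values=True).get("test", [])
    values = [unquote_plus(v) for v in raw]
    xss = any(MARKUP_RE.search(v) or SCRIPTISH_RE.search(v) for v in values)
    return {"payloads": values, "xss": xss}


def scan_access_log(text):
    """One finding per request to hello.jsp.  A hit with an empty payload
    list is still reported: it shows the sample app is deployed and reachable."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = inspect_target(m["target"])
        if verdict is None:
            continue
        findings.append({"ip": m["ip"], "status": int(m["status"]),
                         "target": m["target"], **verdict})
    return findings


# Constructed sample log (not from a real host); addresses are from RFC 5737.
SAMPLE_LOG = """\
203.0.113.5 - - [21/May/2007:10:14:02 +0000] "GET /tomcat-docs/appdev/sample/web/hello.jsp?test=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1" 200 812
203.0.113.5 - - [21/May/2007:10:14:09 +0000] "GET /tomcat-docs/appdev/sample/web/hello.jsp?test=hello HTTP/1.1" 200 790
198.51.100.7 - - [21/May/2007:10:15:30 +0000] "GET /tomcat-docs/appdev/sample/web/hello.jsp HTTP/1.1" 200 760
198.51.100.7 - - [21/May/2007:10:16:01 +0000] "GET /index.jsp?test=%3Cscript%3E HTTP/1.1" 200 120
192.0.2.9 - - [21/May/2007:10:17:44 +0000] "GET /tomcat-docs/appdev/sample/web/hello.jsp?test=%253Cimg%2520src%3Dx%2520onerror%3Dalert(1)%253E HTTP/1.1" 200 801
"""

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print("XSS  " if f["xss"] else "PROBE", f["ip"], f["target"])
    for ver in ("5.5.23", "6.0.10", "6.0.11"):
        print(ver, "->", affected_range(ver))
```

The path comparison is exact because Tomcat resolves servlet paths case-sensitively; the version check reports the fix version the page lists so a triage script can say what to upgrade to, and returns None for the 4.0.x fix because the page names none.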

CVSS provenance

NVD: CVSS v2.0 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
Red Hat (vendor): 4.3 MEDIUM