CVE-2007-1358 — Cross-site Scripting in Apache Tomcat

CWE-79 — Cross-site Scripting12 documents6 sources

Severity

2.6LOWNVD

EPSS

39.9%

top 2.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat

Timeline

PublishedMay 10

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/tomcat4.1.31+8

🔴Vulnerability Details

GHSA

Apache Tomcat XSS In Accept-Language Headers↗2022-05-01

▶

OSV

Apache Tomcat XSS In Accept-Language Headers↗2022-05-01

▶

CVEList

CVE-2007-1358: Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4↗2007-05-09

▶

📋Vendor Advisories

Red Hat

tomcat accept-language xss flaw↗2007-06-06

▶

💬Community

Bugzilla

CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_5.0]↗2008-01-10

▶

Bugzilla

CVE-2007-1358 CVE-2007-2449 CVE-2007-2450 tomcat5 various flaws [F8]↗2007-11-02

▶

Bugzilla

CVE-2007-1358 tomcat accept-language xss flaw↗2007-06-19

▶

Bugzilla

CVE-2007-1358 CVE-2007-2449 CVE-2007-2450 tomcat5 various flaws [F7]↗2007-06-19

▶

Bugzilla

CVE-2007-1358 CVE-2007-2449 CVE-2007-2450 tomcat5 various flaws [Fdevel]↗2007-06-19

▶