CVE-2007-3386
Published 2007-08-14

Priority: P4 · 31 · medium · CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

EXPLOIT

EPSS: 58.96% (99.0th percentile)
Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
Affected (39 ranges, showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
Detection & IOCs (extracted from sources)

- Monitor HTTP requests to the Tomcat Host Manager Servlet endpoint '/html/add' for unsanitized or script-bearing input in the 'aliases' parameter, which is the demonstrated attack vector for this XSS vulnerability.
- Look for XSS payloads (e.g., script tags or event handlers) injected into the 'aliases' parameter of requests targeting the Host Manager Servlet on Apache Tomcat 5.5.0–5.5.24 and 6.0.0–6.0.13.
- The exploit proof-of-concept uses an alert() XSS payload embedded in a crafted request; detect anomalous script injection strings (e.g., 'alert()">' patterns) in Host Manager Servlet request parameters.
- The vulnerability exists only in Apache Tomcat versions 5.5.0 through 5.5.24 and 6.0.0 through 6.0.13; versions 5.5.25+ and 6.0.14+ are patched. Ensure the Host Manager Servlet is not exposed to untrusted users on unpatched versions.
- Exploitation requires the victim to be authenticated (logged in) to the Host Manager Servlet before being lured to the attacker-controlled page, limiting the attack surface to authenticated sessions.
- Successful exploitation can lead to theft of cookie-based authentication credentials; ensure session cookies are flagged HttpOnly to reduce impact.
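The detection items above can be checked against Tomcat access logs. The following is an added example, not code from the page or from the Tomcat project; it assumes the default `/host-manager` context path and the common access-log pattern, and the log lines are constructed samples.

```python
import re
from html import unescape
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (common log pattern); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - admin [14/Aug/2007:10:01:02 +0000] "GET /host-manager/html/add?name=app.example&aliases=www.example HTTP/1.1" 200 1234
10.0.0.9 - admin [14/Aug/2007:10:02:11 +0000] "GET /host-manager/html/add?name=x&aliases=%3Cscript%3Ealert()%3C/script%3E HTTP/1.1" 200 1234
10.0.0.9 - admin [14/Aug/2007:10:03:11 +0000] "GET /host-manager/html/add?name=x&aliases=a%22%20onmouseover%3Dalert() HTTP/1.1" 200 1234
10.0.0.7 - - [14/Aug/2007:10:04:00 +0000] "GET /manager/html/list HTTP/1.1" 200 100
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Markup tags, inline event handlers or javascript: URLs have no place in a
# virtual-host alias, which should only ever be a hostname.
SUSPECT_RE = re.compile(r'<\s*/?\s*[a-z]|\bon[a-z]+\s*=|javascript:', re.IGNORECASE)


def flag_host_manager_xss(log_text):
    """Return (line_no, client_ip, decoded_aliases) for every Host Manager
    html/add request whose 'aliases' parameter carries markup or script."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        # Assumption: Host Manager deployed under the default /host-manager path.
        if "host-manager" not in url.path or not url.path.endswith("/html/add"):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("aliases", []):
            # parse_qs already percent-decodes once; decode again plus HTML
            # entities so double-encoded payloads are still caught.
            decoded = unescape(unquote_plus(value))
            if SUSPECT_RE.search(decoded):
                hits.append((line_no, line.split()[0], decoded))
    return hits


if __name__ == "__main__":
    for line_no, client, aliases in flag_host_manager_xss(SAMPLE_LOG):
        print(f"line {line_no}: {client} sent suspicious aliases={aliases!r}")
```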
CVSS provenance

- NVD (v2.0): 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
- Red Hat (vendor): 4.3 MEDIUM
GHSA
GHSA-v66v-63h2-8q5q: Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6
ghsa_unreviewed · 2022-05-01 · MEDIUM · CWE-79
Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
Red Hat
tomcat host manager xss
vendor_redhat · 2007-08-14 · CVSS 4.3 · MEDIUM · CWE-79
Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
No detection rules found.
Bugzilla
CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 tomcat5 various flaws [Fdevel]
bugzilla · 2007-08-24 · CVSS 4.3 · MEDIUM
Fdevel tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
This is already fixed in 5.5.25. Closing bug.
Bugzilla
CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 tomcat5 various flaws [F7]
bugzilla · 2007-08-24 · CVSS 4.3 · MEDIUM
F7 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
This is already fixed in 5.5.25. Closing bug.
Bugzilla
CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 tomcat5 various flaws [FC6]
bugzilla · 2007-08-24 · CVSS 4.3 · MEDIUM
FC6 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Closing this bug, since FC-6 is now unsupported.
Bugzilla
CVE-2007-3386 tomcat host manager xss
bugzilla · 2007-07-12 · CVSS 4.3 · MEDIUM
JPCERT#98038604
Cross-site Scripting in Apache Tomcat host manager
Assume that, after logging in, the victim was led to a malicious web
server with the following file installed.
alert()">
When the victim accesses it, the window pops up. Therefore
it is verified that the vulnerability exists.
not public
Discussion:
Created attachment 159067
proposed patch
---
now public, opening bug
---
tomcat5-5.5.25-1jpp.1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
---
tomcat5-5.5.25-1jpp.1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.