Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-3386Cross-site Scripting in Apache Tomcat

CWE-79Cross-site Scripting9 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
73.8%
top 1.18%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Tomcat
Timeline
PublishedAug 14
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDapache/tomcat39 versions+38

Patches

Patch: tomcat.apache.orgPatch: tomcat.apache.org

🔴Vulnerability Details

2
GHSA
GHSA-v66v-63h2-8q5q: Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 62022-05-01
CVEList
CVE-2007-3386: Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 62007-08-14

💥Exploits & PoCs

1
Exploit-DB
Apache Tomcat 6.0.13 - Host Manager Servlet Cross-Site Scripting2007-08-14

📋Vendor Advisories

1
Red Hat
tomcat host manager xss2007-08-14

💬Community

4
Bugzilla
CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 tomcat5 various flaws [Fdevel]2007-08-24
Bugzilla
CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 tomcat5 various flaws [F7]2007-08-24
Bugzilla
CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 tomcat5 various flaws [FC6]2007-08-24
Bugzilla
CVE-2007-3386 tomcat host manager xss2007-07-12
CVE-2007-3386 — Cross-site Scripting in Apache Tomcat | cvebase