CVE-2007-3386

Scores

EPSS

0.738medium73.8%

0%20%40%60%80%100%

Percentile: 73.8%

CVSS

4.3medium2.0

0246810

CVSS Score: 4.3/10

All CVSS Scores

CVSS 2.0

4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Description

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

debiannvdredhatubuntu

CWEs

CWE-79

Exploits

Exploit ID: 30495

Source: exploitdb

URL: https://www.exploit-db.com/exploits/30495

Vulnerable Software (5)

Type: Configuration

Product: tomcat5

Operating System: rhel 5

Trait:

{  "fixed": "5.5.23-0jpp.3.0.2.el5"}

Source: redhat

Type: Configuration

Product: tomcat5

Operating System: rhel

Trait:

{  "fixed": "5.5.23-0jpp_4rh.4"}

Source: redhat

Type: Configuration

Product: tomcat5.5

Operating System: debian

Trait:

{  "fixed": "5.5.25-1"}

Source: debian

Type: Configuration

Product: tomcat5.5

Operating System: ubuntu hardy 8.04

Trait:

{  "fixed": "5.5.25-1"}

Source: ubuntu

Type: Configuration

Vendor: *

Product: tomcat

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*",      "...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

End of list

Russian Vulnerability Scanner Database

CVE-2007-3386

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Exploits

Vulnerable Software (5)