CVE-2007-1355

N/A Unknown

Published: May 21, 2007 Modified: April 23, 2026

Description

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

Source: secalert@redhat.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

Source: secalert@redhat.com

http://osvdb.org/34875

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2008-0630.html

Source: secalert@redhat.com

http://secunia.com/advisories/27037

Source: secalert@redhat.com

http://secunia.com/advisories/27727

Source: secalert@redhat.com

http://secunia.com/advisories/30802

Source: secalert@redhat.com

http://secunia.com/advisories/30899

Source: secalert@redhat.com

http://secunia.com/advisories/30908

Source: secalert@redhat.com

http://secunia.com/advisories/31493

Source: secalert@redhat.com

http://secunia.com/advisories/33668

Source: secalert@redhat.com

http://securityreason.com/securityalert/2722

Source: secalert@redhat.com

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

Source: secalert@redhat.com

http://support.apple.com/kb/HT2163

Source: secalert@redhat.com

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

Source: secalert@redhat.com

http://tomcat.apache.org/security-4.html

Source: secalert@redhat.com

http://tomcat.apache.org/security-5.html

Source: secalert@redhat.com

http://tomcat.apache.org/security-6.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2008-0261.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/469067/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/500396/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/500412/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/24058

Source: secalert@redhat.com

Exploit Patch

http://www.vupen.com/english/advisories/2007/3386

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2008/1979/references

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2008/1981/references

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2009/0233

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/34377

Source: secalert@redhat.com

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6111

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

Source: secalert@redhat.com

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx