CVE-2007-3386

N/A Unknown

Published: August 14, 2007 Modified: April 23, 2026

Description

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

Source: secalert@redhat.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

Source: secalert@redhat.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554

Source: secalert@redhat.com

http://jvn.jp/jp/JVN%2359851336/index.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Source: secalert@redhat.com

http://osvdb.org/36417

Source: secalert@redhat.com

http://secunia.com/advisories/26465

Source: secalert@redhat.com

http://secunia.com/advisories/26898

Source: secalert@redhat.com

http://secunia.com/advisories/27037

Source: secalert@redhat.com

http://secunia.com/advisories/27267

Source: secalert@redhat.com

http://secunia.com/advisories/27727

Source: secalert@redhat.com

http://secunia.com/advisories/28317

Source: secalert@redhat.com

http://secunia.com/advisories/33668

Source: secalert@redhat.com

http://securityreason.com/securityalert/3010

Source: secalert@redhat.com

http://securitytracker.com/id?1018558

Source: secalert@redhat.com

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

Source: secalert@redhat.com

http://tomcat.apache.org/security-6.html

Source: secalert@redhat.com

Patch

http://www.debian.org/security/2008/dsa-1447

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDKSA-2007:241

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2007-0871.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/476448/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/500396/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/500412/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/25314

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2007/2880

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2007/3386

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2007/3527

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2009/0233

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/36001

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10077

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

Source: secalert@redhat.com

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx