National Vulnerability Database (NVD) National Vulnerability Database (CVE-2007-3386)

National Cyber Awareness System

Vulnerability Summary for CVE-2007-3386

Original release date:08/14/2007

Last revised:03/08/2011

Source: US-CERT/NIST

Overview

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type:Allows unauthorized modification

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: BUGTRAQ

Name: 20070814 CVE-2007-3386: XSS in Host Manager

Type: Patch Information

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/476448/100/0/threaded

External Source: CONFIRM

Name: http://tomcat.apache.org/security-6.html

Type: Patch Information

Hyperlink:http://tomcat.apache.org/security-6.html

External Source: FEDORA

Name: FEDORA-2007-3456

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

External Source: XF

Name: tomcat-hostmanager-alias-xss(36001)

Hyperlink:http://xforce.iss.net/xforce/xfdb/36001

External Source: VUPEN

Name: ADV-2009-0233

Hyperlink:http://www.vupen.com/english/advisories/2009/0233

External Source: VUPEN

Name: ADV-2007-3527

Hyperlink:http://www.vupen.com/english/advisories/2007/3527

External Source: VUPEN

Name: ADV-2007-3386

Hyperlink:http://www.vupen.com/english/advisories/2007/3386

External Source: VUPEN

Name: ADV-2007-2880

Hyperlink:http://www.vupen.com/english/advisories/2007/2880

External Source: BID

Name: 25314

Hyperlink:http://www.securityfocus.com/bid/25314

External Source: BUGTRAQ

Name: 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/500412/100/0/threaded

External Source: BUGTRAQ

Name: 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/500396/100/0/threaded

External Source: REDHAT

Name: RHSA-2007:0871

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0871.html

External Source: CONFIRM

Name: http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

Hyperlink:http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

External Source: SECTRACK

Name: 1018558

Hyperlink:http://securitytracker.com/id?1018558

External Source: SREASON

Name: 3010

Hyperlink:http://securityreason.com/securityalert/3010

External Source: SECUNIA

Name: 33668

Hyperlink:http://secunia.com/advisories/33668

External Source: SECUNIA

Name: 27727

Hyperlink:http://secunia.com/advisories/27727

External Source: SECUNIA

Name: 27267

Hyperlink:http://secunia.com/advisories/27267

External Source: SECUNIA

Name: 27037

Hyperlink:http://secunia.com/advisories/27037

External Source: SECUNIA

Name: 26898

Hyperlink:http://secunia.com/advisories/26898

External Source: SECUNIA

Name: 26465

Hyperlink:http://secunia.com/advisories/26465

External Source: OVAL

Name: oval:org.mitre.oval:def:10077

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10077

External Source: OSVDB

Name: 36417

Hyperlink:http://osvdb.org/36417

External Source: SUSE

Name: SUSE-SR:2009:004

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

External Source: JVN

Name: JVN#59851336

Hyperlink:http://jvn.jp/jp/JVN%2359851336/index.html

External Source: HP

Name: HPSBTU02276

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554

External Source: HP

Name: SSRT071472

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554

External Source: HP

Name: SSRT071447

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

External Source: HP

Name: HPSBUX02262

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

External Source: CONFIRM

Name: http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

Hyperlink:http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

External Source: MANDRIVA

Name: MDKSA-2007:241

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:241

External Source: DEBIAN

Name: DSA-1447

Hyperlink:http://www.debian.org/security/2008/dsa-1447

External Source: SECUNIA

Name: 28317

Hyperlink:http://secunia.com/advisories/28317

References to Check Content

Identifier:oval:org.mitre.oval:def:10077

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10077

Vulnerable software and versions

Configuration 1

* cpe:/a:apache:tomcat:5.5.0

* cpe:/a:apache:tomcat:5.5.1

* cpe:/a:apache:tomcat:5.5.10

* cpe:/a:apache:tomcat:5.5.11

* cpe:/a:apache:tomcat:5.5.12

* cpe:/a:apache:tomcat:5.5.13

* cpe:/a:apache:tomcat:5.5.14

* cpe:/a:apache:tomcat:5.5.15

* cpe:/a:apache:tomcat:5.5.16

* cpe:/a:apache:tomcat:5.5.17

* cpe:/a:apache:tomcat:5.5.18

* cpe:/a:apache:tomcat:5.5.19

* cpe:/a:apache:tomcat:5.5.2

* cpe:/a:apache:tomcat:5.5.20

* cpe:/a:apache:tomcat:5.5.21

* cpe:/a:apache:tomcat:5.5.22

* cpe:/a:apache:tomcat:5.5.23

* cpe:/a:apache:tomcat:5.5.24

* cpe:/a:apache:tomcat:5.5.3

* cpe:/a:apache:tomcat:5.5.4

* cpe:/a:apache:tomcat:5.5.5

* cpe:/a:apache:tomcat:5.5.6

* cpe:/a:apache:tomcat:5.5.7

* cpe:/a:apache:tomcat:5.5.8

* cpe:/a:apache:tomcat:5.5.9

* cpe:/a:apache:tomcat:6.0.0

* cpe:/a:apache:tomcat:6.0.1

* cpe:/a:apache:tomcat:6.0.10

* cpe:/a:apache:tomcat:6.0.11

* cpe:/a:apache:tomcat:6.0.12

* cpe:/a:apache:tomcat:6.0.13

* cpe:/a:apache:tomcat:6.0.2

* cpe:/a:apache:tomcat:6.0.3

* cpe:/a:apache:tomcat:6.0.4

* cpe:/a:apache:tomcat:6.0.5

* cpe:/a:apache:tomcat:6.0.6

* cpe:/a:apache:tomcat:6.0.7

* cpe:/a:apache:tomcat:6.0.8

* cpe:/a:apache:tomcat:6.0.9

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Cross-Site Scripting (XSS) (CWE-79)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386