CVE-2007-3384 - Cross-Site Scripting vulnerability in Apache Tomcat Error Message Reporting

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
network
apache
nessus

Summary

Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.

Vulnerable Configurations

Part: Application
Description: Apache
Count: 4

Nessus

NASL family: Web Servers
NASL id: TOMCAT_3_3_2.NASL
description: According to its self-reported version number, the instance of Apache Tomcat 3.x listening on the remote host is prior to 3.3.2. It is, therefore, affected by multiple vulnerabilities. Unspecified cross-site scripting vulnerabilities exist in the
last seen: 2020-03-18
modified: 2010-11-09
plugin id: 50526
published: 2010-11-09
reporter: This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/50526
title: Apache Tomcat 3.x < 3.3.2 Multiple Vulnerabilities

Seebug

bulletinFamily: exploit
description: CVE ID: CVE-2007-3384 CNCVE ID: CNCVE-20073384 Apache Tomcat is a popular open-source JSP application server. Apache Tomcat does not properly filter user-submitted URI data; remote attackers can exploit the vulnerability to carry out cross-site scripting attacks and obtain sensitive information. When reporting error messages, Tomcat does not properly filter user-supplied data before displaying it, which can lead to cross-site scripting attacks; an attacker who lures a user into visiting can thereby obtain sensitive information.
Apache Software Foundation Tomcat 3.3.2
Apache Software Foundation Tomcat 3.3.1 a
Apache Software Foundation Tomcat 3.3.1
Apache Software Foundation Tomcat 3.3
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 7.0
- Sun Solaris 8
Apache Software Foundation Tomcat 3.3.2
* Apache Software Foundation CVE-2007-3384.patch http://gulus.usherbrooke.ca/pub/appl/apache/tomcat/tomcat-3/v3.3.2-patches/src/CVE-2007-3384.patch
id: SSV:2092
last seen: 2017-11-19
modified: 2007-08-08
published: 2007-08-08
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-2092
title: Apache Tomcat Error Message Reporting Cross-Site Scripting Vulnerability