Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2007-3386

Date: August 14, 2007

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Severity Score

Related Resources (35)

http://secunia.com/advisories/33668
http://www.vupen.com/english/advisories/2007/3386
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
http://securitytracker.com/id?1018558
http://www.debian.org/security/2008/dsa-1447
http://www.securityfocus.com/archive/1/476448/100/0/threaded
https://people.canonical.com/~ubuntu-security/cve/CVE-2007-3386
http://secunia.com/advisories/26465
http://secunia.com/advisories/27037
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554
http://www.securityfocus.com/bid/25314
http://jvn.jp/jp/JVN%2359851336/index.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/36001
http://www.vupen.com/english/advisories/2009/0233
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10077
https://access.redhat.com/security/cve/CVE-2007-3386
http://www.vupen.com/english/advisories/2007/2880
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://www.vupen.com/english/advisories/2007/3527
http://secunia.com/advisories/27727
https://nvd.nist.gov/vuln/detail/CVE-2007-3386
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://tomcat.apache.org/security-6.html
http://osvdb.org/36417
http://secunia.com/advisories/27267
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
http://secunia.com/advisories/28317
http://secunia.com/advisories/26898
http://www.redhat.com/support/errata/RHSA-2007-0871.html
http://securityreason.com/securityalert/3010
https://www.mend.io/vulnerability-database/CVE-2007-3386

Severity Score

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us