CVE-2007-3383

Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
http://osvdb.org/39000
http://seclists.org/fulldisclosure/2007/Jul/0448.html	Patch
http://secunia.com/advisories/30802
http://securityreason.com/securityalert/2918
http://support.apple.com/kb/HT2163
http://tomcat.apache.org/security-4.html	Patch
http://www.kb.cert.org/vuls/id/862600	Patch US Government Resource
http://www.securityfocus.com/archive/1/474413/100/0/threaded
http://www.securityfocus.com/bid/24999
http://www.vupen.com/english/advisories/2007/2618
http://www.vupen.com/english/advisories/2008/1981/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/35536
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:tomcat:4.0.0:::::::*
	cpe:2.3:a:apache:tomcat:4.0.1:::::::*
	cpe:2.3:a:apache:tomcat:4.0.2:::::::*
	cpe:2.3:a:apache:tomcat:4.0.3:::::::*
	cpe:2.3:a:apache:tomcat:4.0.4:::::::*
	cpe:2.3:a:apache:tomcat:4.0.5:::::::*
	cpe:2.3:a:apache:tomcat:4.0.6:::::::*
	cpe:2.3:a:apache:tomcat:4.1.0:::::::*
	cpe:2.3:a:apache:tomcat:4.1.1:::::::*
	cpe:2.3:a:apache:tomcat:4.1.2:::::::*
	cpe:2.3:a:apache:tomcat:4.1.3:::::::*
	cpe:2.3:a:apache:tomcat:4.1.10:::::::*
	cpe:2.3:a:apache:tomcat:4.1.15:::::::*
	cpe:2.3:a:apache:tomcat:4.1.24:::::::*
	cpe:2.3:a:apache:tomcat:4.1.28:::::::*
	cpe:2.3:a:apache:tomcat:4.1.31:::::::*
	cpe:2.3:a:apache:tomcat:4.1.36:::::::*

History

07 Nov 2023, 02:00

Type	Values Removed	Values Added
References	{'url': 'https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/', 'tags': [], 'refsource': 'MLIST'}	() https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E -

Information

Published : 2007-07-25 17:30

Updated : 2023-12-10 10:40

NVD link : CVE-2007-3383

Mitre link : CVE-2007-3383

CVE.ORG link : CVE-2007-3383

JSON object : View

Products Affected

apache

tomcat

CWE

NVD-CWE-Other

4.3 /10