CVE-2007-1355

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Tomcat	Apache	4.0.0 (including)	4.0.0 (including)
Tomcat	Apache	4.0.1 (including)	4.0.1 (including)
Tomcat	Apache	4.0.2 (including)	4.0.2 (including)
Tomcat	Apache	4.0.3 (including)	4.0.3 (including)
Tomcat	Apache	4.0.4 (including)	4.0.4 (including)
Tomcat	Apache	4.0.5 (including)	4.0.5 (including)
Tomcat	Apache	4.0.6 (including)	4.0.6 (including)
Tomcat	Apache	4.1.10 (including)	4.1.10 (including)
Tomcat	Apache	4.1.15 (including)	4.1.15 (including)
Tomcat	Apache	4.1.24 (including)	4.1.24 (including)
Tomcat	Apache	4.1.28 (including)	4.1.28 (including)
Tomcat	Apache	4.1.31 (including)	4.1.31 (including)
Tomcat	Apache	5.0.1 (including)	5.0.1 (including)
Tomcat	Apache	5.0.2 (including)	5.0.2 (including)
Tomcat	Apache	5.0.3 (including)	5.0.3 (including)
Tomcat	Apache	5.0.4 (including)	5.0.4 (including)
Tomcat	Apache	5.0.5 (including)	5.0.5 (including)
Tomcat	Apache	5.0.6 (including)	5.0.6 (including)
Tomcat	Apache	5.0.7 (including)	5.0.7 (including)
Tomcat	Apache	5.0.8 (including)	5.0.8 (including)
Tomcat	Apache	5.0.9 (including)	5.0.9 (including)
Tomcat	Apache	5.0.10 (including)	5.0.10 (including)
Tomcat	Apache	5.0.11 (including)	5.0.11 (including)
Tomcat	Apache	5.0.12 (including)	5.0.12 (including)
Tomcat	Apache	5.0.13 (including)	5.0.13 (including)
Tomcat	Apache	5.0.14 (including)	5.0.14 (including)
Tomcat	Apache	5.0.15 (including)	5.0.15 (including)
Tomcat	Apache	5.0.16 (including)	5.0.16 (including)
Tomcat	Apache	5.0.17 (including)	5.0.17 (including)
Tomcat	Apache	5.0.18 (including)	5.0.18 (including)
Tomcat	Apache	5.0.19 (including)	5.0.19 (including)
Tomcat	Apache	5.0.21 (including)	5.0.21 (including)
Tomcat	Apache	5.0.22 (including)	5.0.22 (including)
Tomcat	Apache	5.0.23 (including)	5.0.23 (including)
Tomcat	Apache	5.0.24 (including)	5.0.24 (including)
Tomcat	Apache	5.0.25 (including)	5.0.25 (including)
Tomcat	Apache	5.0.26 (including)	5.0.26 (including)
Tomcat	Apache	5.0.27 (including)	5.0.27 (including)
Tomcat	Apache	5.0.28 (including)	5.0.28 (including)
Tomcat	Apache	5.0.29 (including)	5.0.29 (including)
Tomcat	Apache	5.0.30 (including)	5.0.30 (including)
Tomcat	Apache	6.0.0 (including)	6.0.0 (including)
Tomcat	Apache	6.0.1 (including)	6.0.1 (including)
Tomcat	Apache	6.0.2 (including)	6.0.2 (including)
Tomcat	Apache	6.0.3 (including)	6.0.3 (including)
Tomcat	Apache	6.0.4 (including)	6.0.4 (including)
Tomcat	Apache	6.0.5 (including)	6.0.5 (including)
Tomcat	Apache	6.0.6 (including)	6.0.6 (including)
Tomcat	Apache	6.0.7 (including)	6.0.7 (including)
Tomcat	Apache	6.0.8 (including)	6.0.8 (including)
Tomcat	Apache	6.0.9 (including)	6.0.9 (including)
Tomcat	Apache	6.0.10 (including)	6.0.10 (including)
Red Hat Network Satellite Server v 4.2	RedHat	jabberd-0:2.0s10-3.38.rhn	*
Red Hat Network Satellite Server v 4.2	RedHat	java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4	*
Red Hat Network Satellite Server v 4.2	RedHat	jfreechart-0:0.9.20-3.rhn	*
Red Hat Network Satellite Server v 4.2	RedHat	openmotif21-0:2.1.30-11.RHEL4.6	*
Red Hat Network Satellite Server v 4.2	RedHat	perl-Crypt-CBC-0:2.24-1.el4	*
Red Hat Network Satellite Server v 4.2	RedHat	rhn-apache-0:1.3.27-36.rhn.rhel4	*
Red Hat Network Satellite Server v 4.2	RedHat	rhn-modjk-0:1.2.23-2rhn.rhel4	*
Red Hat Network Satellite Server v 4.2	RedHat	rhn-modperl-0:1.29-16.rhel4	*
Red Hat Network Satellite Server v 4.2	RedHat	rhn-modssl-0:2.8.12-8.rhn.10.rhel4	*
Red Hat Network Satellite Server v 4.2	RedHat	tomcat5-0:5.0.30-0jpp_10rh	*
Red Hat Network Satellite Server v 4.2 (RHEL3)	RedHat	jabberd-0:2.0s10-3.37.rhn	*
Red Hat Network Satellite Server v 4.2 (RHEL3)	RedHat	java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3	*
Red Hat Network Satellite Server v 4.2 (RHEL3)	RedHat	jfreechart-0:0.9.20-3.rhn	*
Red Hat Network Satellite Server v 4.2 (RHEL3)	RedHat	openmotif21-0:2.1.30-9.RHEL3.8	*
Red Hat Network Satellite Server v 4.2 (RHEL3)	RedHat	perl-Crypt-CBC-0:2.24-1.el3	*
Red Hat Network Satellite Server v 4.2 (RHEL3)	RedHat	rhn-apache-0:1.3.27-36.rhn.rhel3	*
Red Hat Network Satellite Server v 4.2 (RHEL3)	RedHat	rhn-modjk-0:1.2.23-2rhn.rhel3	*
Red Hat Network Satellite Server v 4.2 (RHEL3)	RedHat	rhn-modperl-0:1.29-16.rhel3	*
Red Hat Network Satellite Server v 4.2 (RHEL3)	RedHat	rhn-modssl-0:2.8.12-8.rhn.10.rhel3	*
Red Hat Network Satellite Server v 4.2 (RHEL3)	RedHat	tomcat5-0:5.0.30-0jpp_10rh	*
Red Hat Network Satellite Server v 5.0	RedHat	jabberd-0:2.0s10-3.38.rhn	*
Red Hat Network Satellite Server v 5.0	RedHat	java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4	*
Red Hat Network Satellite Server v 5.0	RedHat	jfreechart-0:0.9.20-3.rhn	*
Red Hat Network Satellite Server v 5.0	RedHat	openmotif21-0:2.1.30-11.RHEL4.6	*
Red Hat Network Satellite Server v 5.0	RedHat	perl-Crypt-CBC-0:2.24-1.el4	*
Red Hat Network Satellite Server v 5.0	RedHat	rhn-apache-0:1.3.27-36.rhn.rhel4	*
Red Hat Network Satellite Server v 5.0	RedHat	rhn-modjk-0:1.2.23-2rhn.rhel4	*
Red Hat Network Satellite Server v 5.0	RedHat	rhn-modperl-0:1.29-16.rhel4	*
Red Hat Network Satellite Server v 5.0	RedHat	rhn-modssl-0:2.8.12-8.rhn.10.rhel4	*
Red Hat Network Satellite Server v 5.0	RedHat	tomcat5-0:5.0.30-0jpp_10rh	*
Red Hat Network Satellite Server v 5.1	RedHat	jfreechart-0:0.9.20-3.rhn	*
Red Hat Network Satellite Server v 5.1	RedHat	mod_perl-0:2.0.2-12.el4	*
Red Hat Network Satellite Server v 5.1	RedHat	perl-Crypt-CBC-0:2.24-1.el4	*
Red Hat Network Satellite Server v 5.1	RedHat	rhn-web-0:5.1.1-7	*
Red Hat Network Satellite Server v 5.1	RedHat	tomcat5-0:5.0.30-0jpp_10rh	*
Tomcat4	Ubuntu	dapper	*
Tomcat4	Ubuntu	edgy	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-1355
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References