CVE-2007-3386
Published: 14 August 2007
Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
Priority
Status
Package | Release | Status |
---|---|---|
tomcat5 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
tomcat5.5 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Released
(5.5.25-1)
|
|
hardy |
Released
(5.5.25-1)
|
|
intrepid |
Released
(5.5.25-1)
|
|
jaunty |
Released
(5.5.25-1)
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|