Your submission was sent successfully! Close

CVE-2007-3386

Published: 14 August 2007

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Priority

Unknown

Status

Package Release Status
tomcat5
Launchpad, Ubuntu, Debian
Upstream Needs triage

tomcat5.5
Launchpad, Ubuntu, Debian
Upstream Needs triage