Vulnerability CVE-2007-1358: Information

Description

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

Severity: LOW (2.6)

References to Advisories, Solutions, and Tools

1. Affected configurations:

   1. Configuration 1

      cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*

      End including

      4.1.31

      ---