exploits , vulnerabilities , articles , Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability

Title	Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
Published	2007-07-21-12:00AM
Updated	2007-07-25-07:15PM
Class	Input Validation Error
CVE	CVE-2007-3383
Remote	Yes
Local	No
Credit	Tomasz Kuczynski is credited with the discovery of this vulnerability.
Vulnerable	Apache Software Foundation Tomcat 4.1.36 Apache Software Foundation Tomcat 4.1.34 Gentoo Linux 1.4 _rc3 Gentoo Linux 1.4 _rc2 Gentoo Linux 1.4 _rc1 Gentoo Linux 1.2 Apache Software Foundation Tomcat 4.1.24 Gentoo Linux 1.4 _rc3 Gentoo Linux 1.4 _rc2 Gentoo Linux 1.4 _rc1 Gentoo Linux 1.2 Apache Software Foundation Tomcat 4.1.12 Apache Software Foundation Tomcat 4.1.10 Apache Software Foundation Tomcat 4.1.9 beta Apache Software Foundation Tomcat 4.1.3 beta Apache Software Foundation Tomcat 4.1 BSDI BSD/OS 4.0 Caldera OpenLinux 2.4 Conectiva Linux 5.1 Debian Linux 2.3 Debian Linux 2.2 Debian Linux 2.1 Digital UNIX 4.0 FreeBSD FreeBSD 5.0 FreeBSD FreeBSD 4.5 MandrakeSoft Linux Mandrake 7.1 MandrakeSoft Linux Mandrake 7.0 NetBSD NetBSD 1.4.2 x86 NetBSD NetBSD 1.4.1 x86 RedHat Linux 6.2 i386 RedHat Linux 6.1 i386 SGI IRIX 6.5 SGI IRIX 6.4 SGI IRIX 3.3 Sun Solaris 7.0 Sun Solaris 8 Apache Software Foundation Tomcat 4.0.6 Gentoo Linux 1.4 _rc3 Gentoo Linux 1.4 _rc2 Gentoo Linux 1.4 _rc1 Gentoo Linux 1.2 Apache Software Foundation Tomcat 4.0.5 RedHat Stronghold 4.0 Apache Software Foundation Tomcat 4.0.4 Apache Software Foundation Tomcat 4.0.3 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia64 Debian Linux 3.0 ia32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Apache Software Foundation Tomcat 4.0.2 Apache Software Foundation Tomcat 4.0.1 BSDI BSD/OS 4.0 Caldera OpenLinux 2.4 Conectiva Linux 5.1 Debian Linux 2.2 Debian Linux 2.1 Digital UNIX 4.0 FreeBSD FreeBSD 5.0 FreeBSD FreeBSD 4.0 MandrakeSoft Linux Mandrake 7.1 MandrakeSoft Linux Mandrake 7.0 NetBSD NetBSD 1.4.2 x86 NetBSD NetBSD 1.4.1 x86 RedHat Linux 6.2 i386 RedHat Linux 6.1 i386 SGI IRIX 6.5 SGI IRIX 6.4 SGI IRIX 3.3 Sun Solaris 7.0 Sun Solaris 8 Apache Software Foundation Tomcat 4.0 BSDI BSD/OS 4.0 Caldera OpenLinux 2.4 Conectiva Linux 5.1 Debian Linux 2.2 Debian Linux 2.1 Digital UNIX 4.0 FreeBSD FreeBSD 5.0 FreeBSD FreeBSD 4.0 MandrakeSoft Linux Mandrake 7.1 MandrakeSoft Linux Mandrake 7.0 NetBSD NetBSD 1.4.2 x86 NetBSD NetBSD 1.4.1 x86 RedHat Linux 6.2 i386 RedHat Linux 6.1 i386 SGI IRIX 6.5 SGI IRIX 6.4 Sun Solaris 7.0 Sun Solaris 8
Not Vulnerable
Code	An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-12-01 SystemImager Flamethrower Insecure Temporary File Creation Vulnerabilities
• 2008-12-01 Rumpus FTP Server Command Argument Remote Buffer Overflow Vulnerability
• 2008-12-01 Rumpus FTP Server HTTP Command Remote Denial of Service Vulnerability
• 2008-11-29 Multiple ActiveWebSoftwares Products Login Parameters SQL Injection Vulnerabilities
• 2008-11-29 Venalsur Booking Centre Multiple Cross-Site Scripting Vulnerabilities
• 2008-11-28 ReVou Login SQL Injection Vulnerability
• 2008-11-28 Web Calendar System SQL Injection and Cross Site Scripting Vulnerabilities
• 2008-11-28 SailPlanner Login SQL Injection Vulnerability
• 2008-11-28 Livio.net WEB Calendar Cross Site Scripting and Multiple SQL Injection Vulnerabilities
• 2008-11-28 Subtext Anchor Tags HTML Injection Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Tue, 02 Dec 2008 10:27:46 +0000