CVE-2007-3384

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 3.3 through 3.3.2

Description The issue allows remote attackers to inject arbitrary web script or HTML via the Name or Value field, related to error messages, enabling an XSS attack. This occurs because Tomcat does not filter user-supplied data before display when reporting error messages.

Recommendations For Apache Tomcat versions 3.3 through 3.3.2, consider applying a source patch from the archives to resolve the issue. As a temporary workaround, restrict access to the examples/servlet/CookieExample servlet to minimize the risk of exploitation. Avoid using the Name or Value field in the affected servlet until the issue is resolved.