PT-2007-1472 · Apache+1 · Apache Tomcat+1
Published: 2007-05-09 · Updated: 2023-02-13
CVE-2006-7195
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Apache Tomcat versions 5.0.0 through 5.0.30
Apache Tomcat versions 5.5.0 through 5.5.17
Description
A cross-site scripting (XSS) issue exists due to unfiltered header values in the implicit-objects.jsp file of the examples webapp, allowing remote attackers to inject arbitrary web script or HTML.
Recommendations
For Apache Tomcat versions 5.0.0 through 5.0.30, filter the header values in the implicit-objects.jsp file to prevent XSS attacks.
For Apache Tomcat versions 5.5.0 through 5.5.17, filter the header values in the implicit-objects.jsp file to prevent XSS attacks.
Fix
XSS
Related Identifiers
Affected Products
Apache Tomcat
Red Hat