CVE-2007-1355

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 4.0.0 through 4.0.6 Apache Tomcat versions 4.1.0 through 4.1.36 Apache Tomcat versions 5.0.0 through 5.0.30 Apache Tomcat versions 5.5.0 through 5.5.23 Apache Tomcat versions 6.0.0 through 6.0.10

Description The issue allows remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors, which can lead to cross-site scripting (XSS) attacks.

Recommendations For Apache Tomcat versions 4.0.0 through 4.0.6, update to a version outside of this range to mitigate the risk. For Apache Tomcat versions 4.1.0 through 4.1.36, update to a version outside of this range to mitigate the risk. For Apache Tomcat versions 5.0.0 through 5.0.30, update to a version outside of this range to mitigate the risk. For Apache Tomcat versions 5.5.0 through 5.5.23, update to a version outside of this range to mitigate the risk. For Apache Tomcat versions 6.0.0 through 6.0.10, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the test parameter in the affected application to minimize the risk of exploitation.