OSVDB ID: 36417

Title: Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS

Info

Disclosure

Aug 14, 2007

Discovery

Unknown

Dates

Exploit

Aug 14, 2007

Solution

Unknown

Description

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Products

Unknown or Incomplete

References

Security Tracker: 1018558
CVE ID: 2007-3386 (see also: NVD)
Bugtraq ID: 25314
Secunia Advisory ID: 26465 26898 27037 27267 27727 28317 33668 33978
SCIP VulDB ID: 3256
ISS X-Force ID: 36001
VUPEN Advisory: ADV-2007-2880 ADV-2007-3386 ADV-2007-3527
Other Advisory URL: HPSBTU02276 SSRT071472: HPSBUX02262 SSRT071447: http://www.debian.org/security/2008/dsa-1447
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-10/0102.html
http://archives.neohapsis.com/archives/bugtraq/2007-10/0249.html
http://archives.neohapsis.com/archives/bugtraq/2009-01/0254.html
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
Vendor Specific News/Changelog Entry: http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://tomcat.apache.org/security-6.html
Vendor Specific Advisory URL: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
Vendor Specific Solution URL: https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=RO04648&actionID=4
RedHat RHSA: RHSA-2007:0871

Credit

NTT OSS CENTER -

Direct URL: http://osvdb.org/36417