Description

This alert was generated using only banner information. It may be a false positive.

Fixed in Apache Tomcat 6.0.6:
  • low: Cross-site scripting CVE-2007-1358
    Web pages that display the Accept-Language header value sent by the client are susceptible to a cross-site scripting attack if they assume the Accept-Language header value conforms to RFC 2616. Under normal circumstances this would not be possible to exploit, however older versions of Flash player were known to allow carefully crafted malicious Flash files to make requests with such custom headers. Tomcat now ignores invalid values for Accept-Language headers that do not conform to RFC 2616.

Affected Apache Tomcat version (6.0.0 - 6.0.5).

Remediation

Upgrade Apache Tomcat to the latest version.

References

Apache Tomcat 6.x vulnerabilities

Related Vulnerabilities

WordPress Plugin Image Slider Cross-Site Scripting (1.1.5)

WordPress Plugin PDF Flipbook, 3D Flipbook WordPress-DearFlip Unspecified Vulnerability (1.7.12)

WordPress Multiple Cross-Site Scripting Vulnerabilities (4.1 - 4.2.1)

Oracle Database Server Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-2113)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0704)

Severity

Low

Classification

CVE-2007-1358 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update XSS