CVE-2006-7195

Aliases:GHSA-p57v-p3fx-qgwm

Advisory lineage Upstream: 0 Downstream: 6

Downstream

RHSA-2007:0326 RHSA-2007:0327 RHSA-2007:0328 RHSA-2007:0340 RHSA-2008:0261 RHSA-2008:0524

Modified

Published: 09 May 2007, 22:00

Last modified:07 Aug 2024, 20:57

Vulnerability Summary

Overall Risk (default)

low

19/100

CVSS Score

4.3 MEDIUM

v2.0 (nvd)

EPSS Score

11.25% MEDIUM

11% probability +0.37%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

09 May 2007, 22:00

Published

Vulnerability first disclosed

07 Aug 2024, 20:57

Last Modified

Vulnerability information updated

Description

Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.

CVSS Metrics

v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 11.25%• Percentile: 94%

Affected Systems

Unknown•Tomcat
5.0.0 | 5.0.1 | 5.0.2 | 5.0.10 | 5.0.11 | 5.0.12 | 5.0.13 | 5.0.14 | 5.0.15 | 5.0.16 | 5.0.17 | 5.0.18 | 5.0.19 | 5.0.21 | 5.0.22 | 5.0.23 | 5.0.24 | 5.0.25 | 5.0.26 | 5.0.27 | 5.0.28 | 5.0.29 | 5.0.30 | 5.5.0 | 5.5.5 | 5.5.6 | 5.5.7 | 5.5.8 | 5.5.9 | 5.5.10 | 5.5.11 | 5.5.12 | 5.5.13 | 5.5.14 | 5.5.15 | 5.5.16 | 5.5.17
org.apache.tomcat•tomcat
≥ 5.0.0, ≤ 5.0.30 | ≥ 5.5.0, < 5.5.18