[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2007-1358":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":47,"downstream":48,"duplicates":67,"related":68,"reserved_at":9,"published_at":69,"modified_at":70,"state":71,"summary":72,"references_raw":81,"kevs":274,"epss":275,"epss_history":278,"metrics":506,"affected":511},"CVE-2007-1358","Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[46],"GHSA-xmc9-6p56-3c4v",[],[49,51,53,55,57,59,61,63,65],{"_key":50},"RHSA-2007:0326",{"_key":52},"RHSA-2007:0327",{"_key":54},"RHSA-2007:0328",{"_key":56},"RHSA-2007:0360",{"_key":58},"RHSA-2007:0876",{"_key":60},"RHSA-2008:0261",{"_key":62},"RHSA-2008:0524",{"_key":64},"RHSA-2008:0630",{"_key":66},"RHSA-2010:0602",[],[],"2007-05-09T22:00:00.000Z","2024-08-07T12:50:35.295Z","Modified",{"cisa_kev":73,"cisa_ransomware":73,"cisa_vendor":9,"epss_severity":74,"epss_score":75,"severity":76,"severity_score":77,"severity_version":78,"severity_source":79,"severity_vector":80,"severity_status":71},false,"high",0.44249,"low",2.6,"v2.0","nvd","AV:N/AC:H/Au:N/C:N/I:P/A:N",[82,91,97,101,107,112,117,121,125,130,134,138,143,149,153,157,161,166,171,175,179,185,189,193,197,201,206,210,215,219,223,227,232,236,240,244,249,253,257,262,266,270],{"url":83,"sources":84,"tags":87},"http://tomcat.apache.org/security-4.html",[85,79,86],"cve.org","osv_maven",[88,89,90],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":92,"sources":93,"tags":94},"http://secunia.com/advisories/30908",[85,79],[95,96,89],"Third Party Advisory","X Refsource SECUNIA",{"url":98,"sources":99,"tags":100},"http://secunia.com/advisories/25721",[85,79],[95,96,89],{"url":102,"sources":103,"tags":104},"http://www.vupen.com/english/advisories/2007/2732",[85,79],[105,106],"VDB Entry","X Refsource VUPEN",{"url":108,"sources":109,"tags":110},"http://rhn.redhat.com/errata/RHSA-2008-0630.html",[85,79,86],[89,111,90],"X Refsource REDHAT",{"url":113,"sources":114,"tags":115},"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1",[85,79],[89,116],"X Refsource SUNALERT",{"url":118,"sources":119,"tags":120},"http://www.vupen.com/english/advisories/2007/3087",[85,79],[105,106],{"url":122,"sources":123,"tags":124},"http://secunia.com/advisories/30899",[85,79],[95,96,89],{"url":126,"sources":127,"tags":128},"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html",[85,79,86],[89,129,90],"X Refsource FEDORA",{"url":131,"sources":132,"tags":133},"http://secunia.com/advisories/31493",[85,79],[95,96,89],{"url":135,"sources":136,"tags":137},"http://www.vupen.com/english/advisories/2008/1979/references",[85,79],[105,106],{"url":139,"sources":140,"tags":141},"http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html",[85,79,86],[89,142,90],"X Refsource APPLE",{"url":144,"sources":145,"tags":146},"http://www.securityfocus.com/archive/1/500412/100/0/threaded",[85,79],[147,148],"Mailing List","X Refsource BUGTRAQ",{"url":150,"sources":151,"tags":152},"http://secunia.com/advisories/33668",[85,79],[95,96,89],{"url":154,"sources":155,"tags":156},"http://www.securityfocus.com/archive/1/500396/100/0/threaded",[85,79],[147,148],{"url":158,"sources":159,"tags":160},"http://www.vupen.com/english/advisories/2007/1729",[85,79],[105,106],{"url":162,"sources":163,"tags":164},"http://osvdb.org/34881",[85,79],[105,165],"X Refsource OSVDB",{"url":167,"sources":168,"tags":169},"http://www.securityfocus.com/bid/24524",[85,79],[105,170],"X Refsource BID",{"url":172,"sources":173,"tags":174},"http://www.vupen.com/english/advisories/2009/0233",[85,79],[105,106],{"url":176,"sources":177,"tags":178},"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200704e.html",[85,79],[88],{"url":180,"sources":181,"tags":182},"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10679",[85,79],[105,183,184],"Signature","X Refsource OVAL",{"url":186,"sources":187,"tags":188},"http://www.vupen.com/english/advisories/2007/3386",[85,79],[105,106],{"url":190,"sources":191,"tags":192},"http://www.securityfocus.com/archive/1/471719/100/0/threaded",[85,79],[147,148],{"url":194,"sources":195,"tags":196},"http://secunia.com/advisories/27037",[85,79],[95,96,89],{"url":198,"sources":199,"tags":200},"http://docs.info.apple.com/article.html?artnum=306172",[85,79,86],[88,90],{"url":202,"sources":203,"tags":204},"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795",[85,79],[89,205],"X Refsource HP",{"url":207,"sources":208,"tags":209},"http://secunia.com/advisories/27727",[85,79],[95,96,89],{"url":211,"sources":212,"tags":213},"http://jvn.jp/jp/JVN%2316535199/index.html",[85,79],[95,214],"X Refsource JVN",{"url":216,"sources":217,"tags":218},"http://www.securityfocus.com/bid/25159",[85,79],[105,170],{"url":220,"sources":221,"tags":222},"http://secunia.com/advisories/26660",[85,79],[95,96,89],{"url":224,"sources":225,"tags":226},"http://www.redhat.com/support/errata/RHSA-2008-0261.html",[85,79,86],[89,111,90],{"url":228,"sources":229,"tags":230},"http://www.securitytracker.com/id?1018269",[85,79],[105,231],"X Refsource SECTRACK",{"url":233,"sources":234,"tags":235},"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",[85,79],[88],{"url":237,"sources":238,"tags":239},"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",[85,79],[88],{"url":241,"sources":242,"tags":243},"http://secunia.com/advisories/26235",[85,79],[95,96,89],{"url":245,"sources":246,"tags":247},"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",[85,79],[147,248],"X Refsource MLIST",{"url":250,"sources":251,"tags":252},"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",[85,79],[147,248],{"url":254,"sources":255,"tags":256},"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",[85,79],[147,248],{"url":258,"sources":259,"tags":260},"https://nvd.nist.gov/vuln/detail/CVE-2007-1358",[86],[261],"Advisory",{"url":263,"sources":264,"tags":265},"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E",[86],[90],{"url":267,"sources":268,"tags":269},"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E",[86],[90],{"url":271,"sources":272,"tags":273},"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E",[86],[90],[],{"date":276,"score":75,"percentile":277},"2026-06-04",0.9762,[279,283,286,288,290,292,294,296,298,301,303,306,308,311,313,315,317,320,322,324,326,328,330,332,334,336,338,341,344,347,349,352,354,356,358,360,362,364,367,370,373,376,378,381,384,386,389,391,393,396,398,400,403,407,410,413,416,418,421,424,427,429,432,435,438,440,442,445,447,449,452,455,458,461,464,466,469,471,473,476,479,482,485,488,491,493,495,498,501,503],{"date":280,"score":281,"percentile":282},"2025-11-04",0.45206,0.97441,{"date":284,"score":281,"percentile":285},"2025-11-05",0.97442,{"date":287,"score":281,"percentile":282},"2025-11-06",{"date":289,"score":281,"percentile":285},"2025-11-07",{"date":291,"score":281,"percentile":282},"2025-11-08",{"date":293,"score":281,"percentile":282},"2025-11-09",{"date":295,"score":281,"percentile":285},"2025-11-10",{"date":297,"score":281,"percentile":282},"2025-11-11",{"date":299,"score":281,"percentile":300},"2025-11-12",0.97444,{"date":302,"score":281,"percentile":300},"2025-11-13",{"date":304,"score":281,"percentile":305},"2025-11-14",0.97445,{"date":307,"score":281,"percentile":285},"2025-11-15",{"date":309,"score":281,"percentile":310},"2025-11-16",0.97443,{"date":312,"score":281,"percentile":310},"2025-11-17",{"date":314,"score":281,"percentile":300},"2025-11-18",{"date":316,"score":281,"percentile":305},"2025-11-19",{"date":318,"score":281,"percentile":319},"2025-11-20",0.97446,{"date":321,"score":281,"percentile":285},"2025-11-21",{"date":323,"score":281,"percentile":282},"2025-11-22",{"date":325,"score":281,"percentile":285},"2025-11-23",{"date":327,"score":281,"percentile":310},"2025-11-24",{"date":329,"score":281,"percentile":300},"2025-11-25",{"date":331,"score":281,"percentile":300},"2025-11-26",{"date":333,"score":281,"percentile":319},"2025-11-27",{"date":335,"score":281,"percentile":305},"2025-11-28",{"date":337,"score":281,"percentile":310},"2025-11-29",{"date":339,"score":281,"percentile":340},"2025-11-30",0.9744,{"date":342,"score":281,"percentile":343},"2025-12-01",0.97463,{"date":345,"score":281,"percentile":346},"2025-12-02",0.97462,{"date":348,"score":281,"percentile":346},"2025-12-03",{"date":350,"score":281,"percentile":351},"2025-12-04",0.97439,{"date":353,"score":281,"percentile":351},"2025-12-05",{"date":355,"score":281,"percentile":351},"2025-12-06",{"date":357,"score":281,"percentile":282},"2025-12-07",{"date":359,"score":281,"percentile":310},"2025-12-08",{"date":361,"score":281,"percentile":285},"2025-12-09",{"date":363,"score":281,"percentile":319},"2025-12-10",{"date":365,"score":281,"percentile":366},"2025-12-11",0.97449,{"date":368,"score":281,"percentile":369},"2025-12-12",0.97451,{"date":371,"score":281,"percentile":372},"2025-12-13",0.97453,{"date":374,"score":281,"percentile":375},"2025-12-14",0.97452,{"date":377,"score":281,"percentile":372},"2025-12-15",{"date":379,"score":281,"percentile":380},"2025-12-16",0.97456,{"date":382,"score":281,"percentile":383},"2025-12-17",0.97458,{"date":385,"score":281,"percentile":343},"2025-12-18",{"date":387,"score":281,"percentile":388},"2025-12-19",0.97464,{"date":390,"score":281,"percentile":388},"2025-12-20",{"date":392,"score":281,"percentile":346},"2025-12-21",{"date":394,"score":281,"percentile":395},"2025-12-22",0.97461,{"date":397,"score":281,"percentile":395},"2025-12-23",{"date":399,"score":281,"percentile":388},"2025-12-24",{"date":401,"score":281,"percentile":402},"2025-12-25",0.97466,{"date":404,"score":405,"percentile":406},"2025-12-26",0.39862,0.97173,{"date":408,"score":405,"percentile":409},"2025-12-27",0.97199,{"date":411,"score":405,"percentile":412},"2025-12-28",0.97174,{"date":414,"score":405,"percentile":415},"2025-12-29",0.97175,{"date":417,"score":405,"percentile":415},"2025-12-30",{"date":419,"score":405,"percentile":420},"2025-12-31",0.9718,{"date":422,"score":405,"percentile":423},"2026-01-01",0.97206,{"date":425,"score":405,"percentile":426},"2026-01-02",0.97207,{"date":428,"score":405,"percentile":426},"2026-01-03",{"date":430,"score":405,"percentile":431},"2026-01-04",0.97181,{"date":433,"score":405,"percentile":434},"2026-01-05",0.97183,{"date":436,"score":405,"percentile":437},"2026-01-06",0.97184,{"date":439,"score":405,"percentile":437},"2026-01-07",{"date":441,"score":405,"percentile":437},"2026-01-08",{"date":443,"score":405,"percentile":444},"2026-01-09",0.97186,{"date":446,"score":405,"percentile":444},"2026-01-10",{"date":448,"score":405,"percentile":444},"2026-01-11",{"date":450,"score":405,"percentile":451},"2026-01-12",0.97187,{"date":453,"score":405,"percentile":454},"2026-01-13",0.97188,{"date":456,"score":405,"percentile":457},"2026-01-14",0.97191,{"date":459,"score":405,"percentile":460},"2026-01-15",0.97192,{"date":462,"score":405,"percentile":463},"2026-01-16",0.97196,{"date":465,"score":405,"percentile":463},"2026-01-17",{"date":467,"score":405,"percentile":468},"2026-01-18",0.97195,{"date":470,"score":405,"percentile":463},"2026-01-19",{"date":472,"score":405,"percentile":468},"2026-01-20",{"date":474,"score":405,"percentile":475},"2026-01-21",0.97197,{"date":477,"score":405,"percentile":478},"2026-01-22",0.97198,{"date":480,"score":405,"percentile":481},"2026-01-23",0.97201,{"date":483,"score":405,"percentile":484},"2026-01-24",0.97202,{"date":486,"score":405,"percentile":487},"2026-01-25",0.97203,{"date":489,"score":405,"percentile":490},"2026-01-26",0.97205,{"date":492,"score":405,"percentile":490},"2026-01-27",{"date":494,"score":405,"percentile":426},"2026-01-28",{"date":496,"score":405,"percentile":497},"2026-01-29",0.97209,{"date":499,"score":405,"percentile":500},"2026-01-30",0.97208,{"date":502,"score":405,"percentile":497},"2026-01-31",{"date":504,"score":405,"percentile":505},"2026-02-01",0.97234,[507],{"source":79,"cvss_v2_0":508,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":77,"baseSeverity":9,"vectorString":80,"impactScore":509,"exploitabilityScore":510},2.9,4.9,[512,537],{"ecosystem":9,"name":513,"vendor":9,"product":513,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":514},"Tomcat",[515,521,523,525,527,529,531,533,535],{"version":516,"is_range":517,"range_type":518,"version_start":9,"version_start_type":9,"version_end":519,"version_end_type":520,"fixed_in":9},"lte4.1.31",true,"cpe","4.1.31","including",{"version":522,"is_range":73,"range_type":518,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.0",{"version":524,"is_range":73,"range_type":518,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.1",{"version":526,"is_range":73,"range_type":518,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.2",{"version":528,"is_range":73,"range_type":518,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.3",{"version":530,"is_range":73,"range_type":518,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.4",{"version":532,"is_range":73,"range_type":518,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.5",{"version":534,"is_range":73,"range_type":518,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.6",{"version":536,"is_range":73,"range_type":518,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.0",{"ecosystem":538,"name":539,"vendor":540,"product":541,"cpe_part":9,"purl_type":542,"purl_namespace":540,"purl_name":541,"source":9,"versions":543},"Maven","org.apache.tomcat:tomcat","org.apache.tomcat","tomcat","maven",[544,547],{"version":545,"is_range":517,"range_type":546,"version_start":522,"version_start_type":520,"version_end":534,"version_end_type":520,"fixed_in":9},"gte4_0_0_lte4_0_6","ecosystem",{"version":548,"is_range":517,"range_type":546,"version_start":536,"version_start_type":520,"version_end":549,"version_end_type":520,"fixed_in":9},"gte4_1_0_lte4_1_34","4.1.34"]