Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-skar-qk57-qkdv
Vulnerability ID VCID-skar-qk57-qkdv
Aliases CVE-2006-7195
GHSA-p57v-p3fx-qgwm
Summary Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
System Score Found at
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2007:0326
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2007:0327
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2007:0328
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2007:0340
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2008:0261
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2008:0524
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2006-7195
epss 0.10881 https://api.first.org/data/v1/epss?cve=CVE-2006-7195
epss 0.10881 https://api.first.org/data/v1/epss?cve=CVE-2006-7195
epss 0.10881 https://api.first.org/data/v1/epss?cve=CVE-2006-7195
epss 0.10881 https://api.first.org/data/v1/epss?cve=CVE-2006-7195
epss 0.10881 https://api.first.org/data/v1/epss?cve=CVE-2006-7195
epss 0.10881 https://api.first.org/data/v1/epss?cve=CVE-2006-7195
epss 0.10881 https://api.first.org/data/v1/epss?cve=CVE-2006-7195
epss 0.10881 https://api.first.org/data/v1/epss?cve=CVE-2006-7195
epss 0.10881 https://api.first.org/data/v1/epss?cve=CVE-2006-7195
epss 0.10881 https://api.first.org/data/v1/epss?cve=CVE-2006-7195
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=237081
apache_tomcat Moderate https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-p57v-p3fx-qgwm
generic_textual MODERATE https://github.com/apache/tomcat
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2006-7195
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2006-7195
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10514
generic_textual MODERATE http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
generic_textual MODERATE https://web.archive.org/web/20080515114843/http://www.securityfocus.com/bid/28481
generic_textual MODERATE https://web.archive.org/web/20171015140308/http://www.securityfocus.com/archive/1/500396/100/0/threaded
generic_textual MODERATE https://web.archive.org/web/20171015140313/http://www.securityfocus.com/archive/1/500412/100/0/threaded
generic_textual MODERATE https://web.archive.org/web/20201021082255/http://www.securityfocus.com/archive/1/485938/100/0/threaded
generic_textual MODERATE https://web.archive.org/web/20230518052431/http://lists.vmware.com/pipermail/security-announce/2008/000003.html
generic_textual MODERATE http://tomcat.apache.org/security-5.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2007-0327.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2008-0261.html
Reference id Reference type URL
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://lists.vmware.com/pipermail/security-announce/2008/000003.html
https://access.redhat.com/errata/RHSA-2007:0326
https://access.redhat.com/errata/RHSA-2007:0327
https://access.redhat.com/errata/RHSA-2007:0328
https://access.redhat.com/errata/RHSA-2007:0340
https://access.redhat.com/errata/RHSA-2008:0261
https://access.redhat.com/errata/RHSA-2008:0524
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7195.json
https://api.first.org/data/v1/epss?cve=CVE-2006-7195
https://bugzilla.redhat.com/show_bug.cgi?id=237081
http://secunia.com/advisories/28365
http://secunia.com/advisories/33668
https://github.com/apache/tomcat
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10514
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
https://web.archive.org/web/20080515114843/http://www.securityfocus.com/bid/28481
https://web.archive.org/web/20171015140308/http://www.securityfocus.com/archive/1/500396/100/0/threaded
https://web.archive.org/web/20171015140313/http://www.securityfocus.com/archive/1/500412/100/0/threaded
https://web.archive.org/web/20201021082255/http://www.securityfocus.com/archive/1/485938/100/0/threaded
https://web.archive.org/web/20230518052431/http://lists.vmware.com/pipermail/security-announce/2008/000003.html
http://tomcat.apache.org/security-5.html
http://www.redhat.com/support/errata/RHSA-2007-0327.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/archive/1/485938/100/0/threaded
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.securityfocus.com/bid/28481
http://www.vupen.com/english/advisories/2007/1729
http://www.vupen.com/english/advisories/2008/0065
http://www.vupen.com/english/advisories/2009/0233
cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
CVE-2006-7195 https://access.redhat.com/security/cve/CVE-2006-7195
CVE-2006-7195 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195
CVE-2006-7195 https://nvd.nist.gov/vuln/detail/CVE-2006-7195
GHSA-p57v-p3fx-qgwm https://github.com/advisories/GHSA-p57v-p3fx-qgwm
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2006-7195
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.93353
EPSS Score 0.10881
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:19.264059+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-5.html 38.0.0