Package Instance

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/1bc3bcb2848f478fd6674487d6dad507fd5dd686

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/1bc3bcb2848f478fd6674487d6dad507fd5dd686

reference_url

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2007-2450

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-2450

reference_url

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287

reference_url

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

reference_url

https://web.archive.org/web/20071203205513/http://secunia.com/advisories/25678

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20071203205513/http://secunia.com/advisories/25678

reference_url

https://web.archive.org/web/20080212014926/http://secunia.com/advisories/26076

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080212014926/http://secunia.com/advisories/26076

reference_url

https://web.archive.org/web/20080320042501/http://secunia.com/advisories/27727

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080320042501/http://secunia.com/advisories/27727

reference_url

https://web.archive.org/web/20080324012730/http://secunia.com/advisories/28549

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080324012730/http://secunia.com/advisories/28549

reference_url

https://web.archive.org/web/20080413164556/http://securitytracker.com/alerts/2007/Jun/1018245.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080413164556/http://securitytracker.com/alerts/2007/Jun/1018245.html

reference_url

https://web.archive.org/web/20080724125033/http://secunia.com/advisories/27037

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080724125033/http://secunia.com/advisories/27037

reference_url

https://web.archive.org/web/20080801204240/http://secunia.com/advisories/30899

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080801204240/http://secunia.com/advisories/30899

reference_url

https://web.archive.org/web/20080801210056/http://secunia.com/advisories/30802

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080801210056/http://secunia.com/advisories/30802

reference_url

https://web.archive.org/web/20090623202429/http://secunia.com/advisories/33668

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20090623202429/http://secunia.com/advisories/33668

reference_url

https://web.archive.org/web/20120809122231/http://secunia.com/advisories/30908

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120809122231/http://secunia.com/advisories/30908

reference_url

https://web.archive.org/web/20200229180652/http://www.securityfocus.com/bid/24475

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200229180652/http://www.securityfocus.com/bid/24475

reference_url

https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded

reference_url

https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded

reference_url

https://web.archive.org/web/20200809062244/http://www.securityfocus.com/archive/1/471357/100/0/threaded

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200809062244/http://www.securityfocus.com/archive/1/471357/100/0/threaded

reference_url

https://web.archive.org/web/20201207215920/https://cxsecurity.com/issue/WLB-2007060074

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201207215920/https://cxsecurity.com/issue/WLB-2007060074

reference_url

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2008/dsa-1468

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2008/dsa-1468

reference_url

http://www.mandriva.com/security/advisories?name=MDKSA-2007:241

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.mandriva.com/security/advisories?name=MDKSA-2007:241

reference_url

http://www.redhat.com/support/errata/RHSA-2007-0569.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.redhat.com/support/errata/RHSA-2007-0569.html

reference_url

http://www.redhat.com/support/errata/RHSA-2008-0261.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.redhat.com/support/errata/RHSA-2008-0261.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=244808
reference_id	244808
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=244808

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450

reference_id

CVE-2007-2450

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450

reference_url

https://github.com/advisories/GHSA-5c5p-jxvx-x7j2

reference_id

GHSA-5c5p-jxvx-x7j2

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5c5p-jxvx-x7j2

reference_url	https://access.redhat.com/errata/RHSA-2007:0569
reference_id	RHSA-2007:0569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0569

reference_url	https://access.redhat.com/errata/RHSA-2007:0876
reference_id	RHSA-2007:0876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0876

fixed_packages

url pkg:apache/tomcat@5.5.25

purl pkg:apache/tomcat@5.5.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bv96-e6r9-xka7

vulnerability	VCID-kxc3-vz2c-wqca

vulnerability	VCID-qdvn-uc56-6fds

vulnerability	VCID-qzyq-d6qk-67ag

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.25

url pkg:apache/tomcat@6.0.14

purl pkg:apache/tomcat@6.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kxc3-vz2c-wqca

vulnerability	VCID-qdvn-uc56-6fds

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.14

aliases CVE-2007-2450, GHSA-5c5p-jxvx-x7j2

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kaem-zczd-pyhu

url VCID-nmvx-w2sz-2kge

vulnerability_id VCID-nmvx-w2sz-2kge

summary

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3386.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3386.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-3386

reference_id

reference_type

scores

value	0.73782
scoring_system	epss
scoring_elements	0.98837
published_at	2026-06-04T12:55:00Z

value	0.73782
scoring_system	epss
scoring_elements	0.98839
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-3386

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=247994
reference_id	247994
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=247994

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386

reference_id

CVE-2007-3386

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/30495.html
reference_id	CVE-2007-3386;OSVDB-36417
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/30495.html

reference_url	https://www.securityfocus.com/bid/25314/info
reference_id	CVE-2007-3386;OSVDB-36417
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/25314/info

reference_url	https://access.redhat.com/errata/RHSA-2007:0871
reference_id	RHSA-2007:0871
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0871

reference_url	https://access.redhat.com/errata/RHSA-2007:0876
reference_id	RHSA-2007:0876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0876

fixed_packages

url pkg:apache/tomcat@5.5.25

purl pkg:apache/tomcat@5.5.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bv96-e6r9-xka7

vulnerability	VCID-kxc3-vz2c-wqca

vulnerability	VCID-qdvn-uc56-6fds

vulnerability	VCID-qzyq-d6qk-67ag

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.25

url pkg:apache/tomcat@6.0.14

purl pkg:apache/tomcat@6.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kxc3-vz2c-wqca

vulnerability	VCID-qdvn-uc56-6fds

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.14

aliases CVE-2007-3386

risk_score 5.4

exploitability 2.0

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nmvx-w2sz-2kge

url VCID-qz87-x4zb-rud7

vulnerability_id VCID-qz87-x4zb-rud7

summary

Exposure of Sensitive Information to an Unauthorized Actor
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

references

reference_url

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

reference_url

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3382.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3382.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-3382

reference_id

reference_type

scores

value	0.81412
scoring_system	epss
scoring_elements	0.99195
published_at	2026-06-05T12:55:00Z

value	0.81412
scoring_system	epss
scoring_elements	0.99194
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-3382

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/36006

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/36006

reference_url

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.redhat.com/support/errata/RHSA-2007-0871.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.redhat.com/support/errata/RHSA-2007-0871.html

reference_url

http://www.redhat.com/support/errata/RHSA-2007-0950.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.redhat.com/support/errata/RHSA-2007-0950.html

reference_url

http://www.redhat.com/support/errata/RHSA-2008-0195.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.redhat.com/support/errata/RHSA-2008-0195.html

reference_url

http://www.redhat.com/support/errata/RHSA-2008-0261.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.redhat.com/support/errata/RHSA-2008-0261.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=247972
reference_id	247972
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=247972

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382

reference_id

CVE-2007-3382

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2007-3382

reference_id

CVE-2007-3382

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-3382

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/30496.txt
reference_id	CVE-2007-3382;OSVDB-37070
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/30496.txt

reference_url	https://www.securityfocus.com/bid/25316/info
reference_id	CVE-2007-3382;OSVDB-37070
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/25316/info

reference_url

https://github.com/advisories/GHSA-qff8-g48j-pwpw

reference_id

GHSA-qff8-g48j-pwpw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qff8-g48j-pwpw

reference_url	https://access.redhat.com/errata/RHSA-2007:0871
reference_id	RHSA-2007:0871
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0871

reference_url	https://access.redhat.com/errata/RHSA-2007:0876
reference_id	RHSA-2007:0876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0876

reference_url	https://access.redhat.com/errata/RHSA-2007:0950
reference_id	RHSA-2007:0950
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0950

reference_url	https://access.redhat.com/errata/RHSA-2007:1069
reference_id	RHSA-2007:1069
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:1069

reference_url	https://access.redhat.com/errata/RHSA-2008:0195
reference_id	RHSA-2008:0195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0195

fixed_packages

url pkg:apache/tomcat@5.5.25

purl pkg:apache/tomcat@5.5.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bv96-e6r9-xka7

vulnerability	VCID-kxc3-vz2c-wqca

vulnerability	VCID-qdvn-uc56-6fds

vulnerability	VCID-qzyq-d6qk-67ag

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.25

url pkg:apache/tomcat@6.0.14

purl pkg:apache/tomcat@6.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kxc3-vz2c-wqca

vulnerability	VCID-qdvn-uc56-6fds

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.14

aliases CVE-2007-3382, GHSA-qff8-g48j-pwpw

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qz87-x4zb-rud7

url VCID-uwuf-vukf-cqck

vulnerability_id VCID-uwuf-vukf-cqck

summary

Apache Tomcat Mishandles Character Sequence in Cookies
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the `\"` character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

references

reference_url

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

reference_url

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

reference_url

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554

reference_url

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3385.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3385.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-3385

reference_id

reference_type

scores

value	0.74714
scoring_system	epss
scoring_elements	0.9888
published_at	2026-06-04T12:55:00Z

value	0.74714
scoring_system	epss
scoring_elements	0.98883
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-3385

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/35999

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/35999

reference_url

https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

reference_url

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9549

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9549

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

reference_url

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.kb.cert.org/vuls/id/993544

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.kb.cert.org/vuls/id/993544

reference_url

http://www.mandriva.com/security/advisories?name=MDKSA-2007:241

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.mandriva.com/security/advisories?name=MDKSA-2007:241

reference_url

http://www.redhat.com/support/errata/RHSA-2007-0871.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.redhat.com/support/errata/RHSA-2007-0871.html

reference_url

http://www.redhat.com/support/errata/RHSA-2007-0950.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.redhat.com/support/errata/RHSA-2007-0950.html

reference_url

http://www.redhat.com/support/errata/RHSA-2008-0195.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.redhat.com/support/errata/RHSA-2008-0195.html

reference_url

http://www.redhat.com/support/errata/RHSA-2008-0261.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.redhat.com/support/errata/RHSA-2008-0261.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=247976
reference_id	247976
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=247976

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385

reference_id

CVE-2007-3385

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2007-3385

reference_id

CVE-2007-3385

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-3385

reference_url

https://github.com/advisories/GHSA-6j8f-66vh-39mj

reference_id

GHSA-6j8f-66vh-39mj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6j8f-66vh-39mj

reference_url	https://access.redhat.com/errata/RHSA-2007:0871
reference_id	RHSA-2007:0871
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0871

reference_url	https://access.redhat.com/errata/RHSA-2007:0876
reference_id	RHSA-2007:0876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0876

reference_url	https://access.redhat.com/errata/RHSA-2007:0950
reference_id	RHSA-2007:0950
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0950

reference_url	https://access.redhat.com/errata/RHSA-2007:1069
reference_id	RHSA-2007:1069
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:1069

reference_url	https://access.redhat.com/errata/RHSA-2008:0195
reference_id	RHSA-2008:0195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0195

fixed_packages

url pkg:apache/tomcat@5.5.25

purl pkg:apache/tomcat@5.5.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bv96-e6r9-xka7

vulnerability	VCID-kxc3-vz2c-wqca

vulnerability	VCID-qdvn-uc56-6fds

vulnerability	VCID-qzyq-d6qk-67ag

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.25

url pkg:apache/tomcat@6.0.14

purl pkg:apache/tomcat@6.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kxc3-vz2c-wqca

vulnerability	VCID-qdvn-uc56-6fds

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.14

aliases CVE-2007-3385, GHSA-6j8f-66vh-39mj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uwuf-vukf-cqck

url VCID-w8uj-zy2r-fyca

vulnerability_id VCID-w8uj-zy2r-fyca

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

references

reference_url

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2007-2449

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2449.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2449.json

reference_url

reference_id

reference_type

scores

value	0.5214
scoring_system	epss
scoring_elements	0.97972
published_at	2026-06-05T12:55:00Z

value	0.5214
scoring_system	epss
scoring_elements	0.97969
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-2449

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/34869

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/34869

reference_url

https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

reference_url

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.redhat.com/support/errata/RHSA-2007-0569.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.redhat.com/support/errata/RHSA-2007-0569.html

reference_url

http://www.redhat.com/support/errata/RHSA-2008-0261.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.redhat.com/support/errata/RHSA-2008-0261.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=244804
reference_id	244804
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=244804

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449

reference_id

CVE-2007-2449

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2007-2449

reference_id

CVE-2007-2449

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-2449

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/jsp/webapps/30189.txt
reference_id	CVE-2007-2449;OSVDB-36080
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/jsp/webapps/30189.txt

reference_url	https://www.securityfocus.com/bid/24476/info
reference_id	CVE-2007-2449;OSVDB-36080
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/24476/info

reference_url

https://github.com/advisories/GHSA-hc39-rjwp-qffq

reference_id

GHSA-hc39-rjwp-qffq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hc39-rjwp-qffq

reference_url	https://access.redhat.com/errata/RHSA-2007:0569
reference_id	RHSA-2007:0569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0569

reference_url	https://access.redhat.com/errata/RHSA-2007:0876
reference_id	RHSA-2007:0876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0876

reference_url	https://access.redhat.com/errata/RHSA-2008:0630
reference_id	RHSA-2008:0630
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0630

fixed_packages

url pkg:apache/tomcat@5.5.25

purl pkg:apache/tomcat@5.5.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bv96-e6r9-xka7

vulnerability	VCID-kxc3-vz2c-wqca

vulnerability	VCID-qdvn-uc56-6fds

vulnerability	VCID-qzyq-d6qk-67ag

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.25

url pkg:apache/tomcat@6.0.14

purl pkg:apache/tomcat@6.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kxc3-vz2c-wqca

vulnerability	VCID-qdvn-uc56-6fds

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.14

aliases CVE-2007-2449, GHSA-hc39-rjwp-qffq

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w8uj-zy2r-fyca

Fixing_vulnerabilities

url VCID-ypuq-2mr2-sybb

vulnerability_id VCID-ypuq-2mr2-sybb

summary

Apache Tomcat Vulnerable to Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

references

reference_url

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

reference_url

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

reference_url

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2007-1355

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1355.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1355.json

reference_url

reference_id

reference_type

scores

value	0.82449
scoring_system	epss
scoring_elements	0.99248
published_at	2026-06-04T12:55:00Z

value	0.82449
scoring_system	epss
scoring_elements	0.99249
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-1355

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/34377

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/34377

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

reference_url

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6111

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6111

reference_url

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

reference_url

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url