Vulnerability details: VCID-8mnn-61dd-aaaj
Vulnerability ID VCID-8mnn-61dd-aaaj
Aliases CVE-2007-1358
GHSA-xmc9-6p56-3c4v
Summary CVE-2007-1358 tomcat accept-language xss flaw
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (3)
System Score Found at
generic_textual LOW http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
generic_textual MODERATE http://docs.info.apple.com/article.html?artnum=306172
generic_textual LOW http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
generic_textual MODERATE http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2008-0630.html
rhas Important https://access.redhat.com/errata/RHSA-2007:0326
rhas Important https://access.redhat.com/errata/RHSA-2007:0327
rhas Important https://access.redhat.com/errata/RHSA-2007:0328
rhas Important https://access.redhat.com/errata/RHSA-2007:0360
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0876
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0261
rhas Low https://access.redhat.com/errata/RHSA-2008:0524
rhas Low https://access.redhat.com/errata/RHSA-2008:0630
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0602
epss 0.51554 https://api.first.org/data/v1/epss?cve=CVE-2007-1358
epss 0.56949 https://api.first.org/data/v1/epss?cve=CVE-2007-1358
epss 0.60716 https://api.first.org/data/v1/epss?cve=CVE-2007-1358
epss 0.61188 https://api.first.org/data/v1/epss?cve=CVE-2007-1358
epss 0.62909 https://api.first.org/data/v1/epss?cve=CVE-2007-1358
epss 0.72879 https://api.first.org/data/v1/epss?cve=CVE-2007-1358
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=244803
apache_tomcat Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358
generic_textual MODERATE http://secunia.com/advisories/30899
generic_textual MODERATE http://secunia.com/advisories/30908
generic_textual MODERATE http://secunia.com/advisories/31493
generic_textual MODERATE http://secunia.com/advisories/33668
cvssv3.1_qr LOW https://github.com/advisories/GHSA-xmc9-6p56-3c4v
cvssv3.1 4.2 https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
cvssv2 2.6 https://nvd.nist.gov/vuln/detail/CVE-2007-1358
generic_textual LOW http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
generic_textual LOW http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
generic_textual LOW https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
cvssv3.1 4.2 http://tomcat.apache.org/security-4.html
generic_textual MODERATE http://tomcat.apache.org/security-4.html
generic_textual LOW http://www.redhat.com/support/errata/RHSA-2008-0261.html
generic_textual MODERATE http://www.securityfocus.com/archive/1/500396/100/0/threaded
generic_textual MODERATE http://www.securityfocus.com/archive/1/500412/100/0/threaded
generic_textual MODERATE http://www.securityfocus.com/bid/25159
generic_textual MODERATE http://www.vupen.com/english/advisories/2007/1729
generic_textual MODERATE http://www.vupen.com/english/advisories/2008/1979/references
generic_textual MODERATE http://www.vupen.com/english/advisories/2009/0233
Reference id Reference type URL
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://docs.info.apple.com/article.html?artnum=306172
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://jvn.jp/jp/JVN%2316535199/index.html
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://osvdb.org/34881
http://rhn.redhat.com/errata/RHSA-2008-0630.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1358.json
https://api.first.org/data/v1/epss?cve=CVE-2007-1358
http://secunia.com/advisories/25721
http://secunia.com/advisories/26235
http://secunia.com/advisories/26660
http://secunia.com/advisories/27037
http://secunia.com/advisories/27727
http://secunia.com/advisories/30899
http://secunia.com/advisories/30908
http://secunia.com/advisories/31493
http://secunia.com/advisories/33668
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10679
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
http://tomcat.apache.org/security-4.html
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200704e.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/archive/1/471719/100/0/threaded
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.securityfocus.com/bid/24524
http://www.securityfocus.com/bid/25159
http://www.securitytracker.com/id?1018269
http://www.vupen.com/english/advisories/2007/1729
http://www.vupen.com/english/advisories/2007/2732
http://www.vupen.com/english/advisories/2007/3087
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2008/1979/references
http://www.vupen.com/english/advisories/2009/0233
244803 https://bugzilla.redhat.com/show_bug.cgi?id=244803
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*
CVE-2007-1358 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358
CVE-2007-1358 https://nvd.nist.gov/vuln/detail/CVE-2007-1358
GHSA-xmc9-6p56-3c4v https://github.com/advisories/GHSA-xmc9-6p56-3c4v
RHSA-2007:0326 https://access.redhat.com/errata/RHSA-2007:0326
RHSA-2007:0327 https://access.redhat.com/errata/RHSA-2007:0327
RHSA-2007:0328 https://access.redhat.com/errata/RHSA-2007:0328
RHSA-2007:0360 https://access.redhat.com/errata/RHSA-2007:0360
RHSA-2007:0876 https://access.redhat.com/errata/RHSA-2007:0876
RHSA-2008:0261 https://access.redhat.com/errata/RHSA-2008:0261
RHSA-2008:0524 https://access.redhat.com/errata/RHSA-2008:0524
RHSA-2008:0630 https://access.redhat.com/errata/RHSA-2008:0630
RHSA-2010:0602 https://access.redhat.com/errata/RHSA-2010:0602
No exploits are available.
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2007-1358
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at http://tomcat.apache.org/security-4.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.97695
EPSS Score 0.51554
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.