Vulnerability details: VCID-9mbq-dvdg-aaah
Vulnerability ID: VCID-9mbq-dvdg-aaah
Aliases: CVE-2007-3386
Summary: CVE-2007-3386 tomcat host manager xss
Status: Published
Exploitability: 2.0
Weighted Severity: 6.2
Risk: 10.0
Weaknesses (1)
System Score Found at
generic_textual LOW http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
generic_textual LOW http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
cvssv3.1 5.3 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0871
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0876
epss 0.01203 https://api.first.org/data/v1/epss?cve=CVE-2007-3386
epss 0.01844 https://api.first.org/data/v1/epss?cve=CVE-2007-3386
epss 0.44232 https://api.first.org/data/v1/epss?cve=CVE-2007-3386
epss 0.46127 https://api.first.org/data/v1/epss?cve=CVE-2007-3386
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=247994
apache_tomcat Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386
generic_textual MODERATE http://secunia.com/advisories/33668
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2007-3386
generic_textual LOW http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
generic_textual LOW https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
cvssv3.1 9.8 http://tomcat.apache.org/security-6.html
generic_textual CRITICAL http://tomcat.apache.org/security-6.html
generic_textual MODERATE http://www.debian.org/security/2008/dsa-1447
generic_textual LOW http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2007-0871.html
generic_textual MODERATE http://www.securityfocus.com/archive/1/500396/100/0/threaded
generic_textual MODERATE http://www.securityfocus.com/archive/1/500412/100/0/threaded
generic_textual MODERATE http://www.vupen.com/english/advisories/2009/0233
Reference id Reference type URL
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554
http://jvn.jp/jp/JVN%2359851336/index.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://osvdb.org/36417
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3386.json
https://api.first.org/data/v1/epss?cve=CVE-2007-3386
http://secunia.com/advisories/26465
http://secunia.com/advisories/26898
http://secunia.com/advisories/27037
http://secunia.com/advisories/27267
http://secunia.com/advisories/27727
http://secunia.com/advisories/28317
http://secunia.com/advisories/33668
http://securityreason.com/securityalert/3010
http://securitytracker.com/id?1018558
https://exchange.xforce.ibmcloud.com/vulnerabilities/36001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10077
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
http://tomcat.apache.org/security-6.html
http://www.debian.org/security/2008/dsa-1447
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
http://www.redhat.com/support/errata/RHSA-2007-0871.html
http://www.securityfocus.com/archive/1/476448/100/0/threaded
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.securityfocus.com/bid/25314
http://www.vupen.com/english/advisories/2007/2880
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2007/3527
http://www.vupen.com/english/advisories/2009/0233
247994 https://bugzilla.redhat.com/show_bug.cgi?id=247994
cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
CVE-2007-3386 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386
CVE-2007-3386 https://nvd.nist.gov/vuln/detail/CVE-2007-3386
CVE-2007-3386;OSVDB-36417 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/30495.html
CVE-2007-3386;OSVDB-36417 Exploit https://www.securityfocus.com/bid/25314/info
RHSA-2007:0871 https://access.redhat.com/errata/RHSA-2007:0871
RHSA-2007:0876 https://access.redhat.com/errata/RHSA-2007:0876
Data source: Exploit-DB
Date added: Aug. 14, 2007
Description: Apache Tomcat 6.0.13 - Host Manager Servlet Cross-Site Scripting
Ransomware campaign use: Known
Source publication date: Aug. 14, 2007
Exploit type: remote
Platform: multiple
Source update date: Dec. 25, 2013
Source URL: https://www.securityfocus.com/bid/25314/info
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): none
Integrity Impact (I): low
Availability Impact (A): none

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2007-3386
Exploitability (E): not_defined (no temporal metric present in the vector)
Access Vector (AV): network
Access Complexity (AC): medium
Authentication (Au): none
Confidentiality Impact (C): none
Integrity Impact (I): partial
Availability Impact (A): none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-6.html
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): high

Exploit Prediction Scoring System (EPSS)
Percentile: 0.85664
EPSS Score: 0.01203
Published At: Nov. 1, 2024, midnight
History (Date, Actor, Action, Source, VulnerableCode Version)
There are no relevant records.