CVE-2007-3383 – org.apache.tomcat:tomcat

Package

Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: >=4.0.0 <=4.0.6 || >=4.1.0 <=4.1.36

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.36592 pctl0.97016

Details

Apache Tomcat SendMailServlet XSS Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (`examples/jsp/mail/sendmail.jsp`) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.

Metadata

Created: 2022-05-01T18:13:14Z
Modified: 2023-09-22T21:05:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wjwr-3jch-479j/GHSA-wjwr-3jch-479j.json
CWE IDs: ["CWE-80"]
Alternative ID: GHSA-wjwr-3jch-479j
Finding: F063
Auto approve: 1