Red Hat Customer Portal

CVE-2007-1358

Impact: Low
Public Date: 2007-06-06
CWE: CWE-79
Bugzilla: 244803: CVE-2007-1358 tomcat accept-language xss flaw

The MITRE CVE dictionary describes this issue as:

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

Find out more about CVE-2007-1358 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Certificate System 7.3 for 4AS (xml-commons) | RHSA-2010:0602 | 2010-08-04
Red Hat Developer Suite v.3 (AS v.4) (tomcat5) | RHSA-2007:0328 | 2007-05-24
Red Hat Satellite 5.0 (RHEL v.4 AS) (tomcat5) | RHSA-2008:0261 | 2008-05-20
Red Hat Satellite 5.1 (RHEL v.4 AS) (tomcat5) | RHSA-2008:0630 | 2008-08-13
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) (jbossas-ejb3) | RHSA-2007:0360 | 2007-05-24
Red Hat Application Server v2 4AS (tomcat5) | RHSA-2007:0876 | 2007-10-11
Red Hat Satellite v 4.2 (RHEL v.4 AS) (tomcat5) | RHSA-2008:0524 | 2008-06-30
Red Hat Satellite v 4.2 (RHEL v.3 AS) (tomcat5) | RHSA-2008:0524 | 2008-06-30
Red Hat Enterprise Linux 5 (tomcat5) | RHSA-2007:0327 | 2007-05-14
Red Hat Application Server v2 4AS (tomcat5) | RHSA-2007:0326 | 2007-05-21

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux version 5 | tomcat5 5.5.23-0jpp.1.0.3.el5 | Fixed
Red Hat Enterprise Linux version 5 | jakarta-commons-modeler 1.1-8jpp.1.0.2.el5 | Fixed

Last Modified