{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-13T16:08:04", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://tomcat.apache.org/security-4.html"}, {"name": "34888", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34888"}, {"name": "29242", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29242"}, {"name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"}, {"name": "SUSE-SR:2008:005", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"}, {"name": "33668", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33668"}, {"name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"}, {"name": "25531", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25531"}, {"name": "ADV-2007-1729", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1729"}, {"name": "ADV-2009-0233", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0233"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"}, {"name": "20070904 Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/478491/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tomcat.apache.org/security-5.html"}, {"name": "RHSA-2008:0261", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"name": "20070905 Re: Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/478609/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:57:40.553Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tomcat.apache.org/security-4.html"}, {"name": "34888", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/34888"}, {"name": "29242", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29242"}, {"name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"}, {"name": "SUSE-SR:2008:005", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"}, {"name": "33668", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33668"}, {"name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"}, {"name": "25531", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25531"}, {"name": "ADV-2007-1729", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1729"}, {"name": "ADV-2009-0233", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0233"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"}, {"name": "20070904 Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/478491/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tomcat.apache.org/security-5.html"}, {"name": "RHSA-2008:0261", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"name": "20070905 Re: Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/478609/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-7196", "datePublished": "2007-05-09T22:00:00", "dateReserved": "2007-04-22T00:00:00", "dateUpdated": "2024-08-07T20:57:40.553Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBB47E3B-ECDD-4A05-9920-90696089C4C0", "versionEndIncluding": "4.1.31", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "914E1404-01A2-4F94-AA40-D5EA20F55AD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "81FB1106-B26D-45BE-A511-8E69131BBA52", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "401A213A-FED3-49C0-B823-2E02EA528905", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0BFE5AD8-DB14-4632-9D2A-F2013579CA7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7641278D-3B8B-4CD2-B284-2047B65514A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "BB7B9911-E836-4A96-A0E8-D13C957EC0EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "D2341C51-A239-4A4A-B0DC-30F18175442C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "13D9B12F-F36A-424E-99BB-E00EF0FCA277", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A8FEEF0-8E57-43B1-8316-228B76E458D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D82F3FAE-91AD-4F0B-A1F7-11C1A97C5ECB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3B2802B-E56C-462A-9601-361A9166B5F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "190FB4FD-22A5-4771-8F99-1E260A36A474", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4BD3785E-3A09-4BE4-96C7-619B8A7D5062", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "285F7969-09F6-48CC-89CE-928225A53CDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3B9EDACC-0300-4DA7-B1CD-5F7A6029AF38", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "6B387EF0-94AD-4C8E-8CD4-4F5F706481BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "DA486065-18D5-4425-ADA5-284101919564", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "A0141E20-2E3D-4CD0-A757-D7CA98499CCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "9E62493D-FEAE-49E8-A293-CE18451D0264", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "FA01AB58-CAB2-420A-9899-EAB153DD898A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "D731AFDD-9C33-4DC8-9BC6-06BB51048752", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "01706205-1369-4E5D-8936-723DA980CA9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "0DC4A52C-6FBC-420A-885A-F72BC1DBAEC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "3A1C882D-949B-40B9-BC9F-E7FCE4FE7C3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "9A1451D2-B905-4AD7-9BD7-10CF2A12BA34", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "C505696B-10E4-4B99-A598-40FA0DA39F7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "9EB2F3D8-25A1-408E-80D0-59D52A901284", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "C3904E9A-585A-4005-B2E9-13538535383D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "AA1934BF-83E3-4B0B-A1DF-391A5332CE39", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "F06B9809-5BFA-4DB9-8753-1D8319713879", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "DF6631B0-9F2E-4C5F-AB21-F085A8C1559B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "15625451-E56D-405F-BE9B-B3CB1A35E929", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "97ADBDC4-B669-467D-9A07-9A2DD8B68374", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "8DA876C8-4417-4C35-9FEC-278D45CE6E92", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "03C08A88-9377-4B32-8173-EE2D121B06D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "F7225A43-8EAE-4DA6-BBDC-4418D5444767", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "A46C0933-3B19-40EA-8DED-2BF25AB85C17", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB203AEC-2A94-48CA-A0E0-B5A8EBF028B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6E98B82A-22E5-4E6C-90AE-56F5780EA147", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "34672E90-C220-436B-9143-480941227933", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "92883AFA-A02F-41A5-9977-ABEAC8AD2970", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "989A78F8-EE92-465F-8A8D-ECF0B58AFE7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "1F5B6627-B4A4-4E2D-B96C-CA37CCC8C804", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "ACFB09F3-32D1-479C-8C39-D7329D9A6623", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "D56581E2-9ECD-426A-96D8-A9D958900AD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "717F6995-5AF0-484C-90C0-A82F25FD2E32", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "5B0C01D5-773F-469C-9E69-170C2844AAA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "EB03FDFB-4DBF-4B70-BFA3-570D1DE67695", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "9F5CF79C-759B-4FF9-90EE-847264059E93", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "357651FD-392E-4775-BF20-37A23B3ABAE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "585B9476-6B86-4809-9B9E-26112114CB59", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "matchCriteriaId": "6145036D-4FCE-4EBE-A137-BDFA69BA54F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "matchCriteriaId": "E437055A-0A81-413F-AB08-0E9D0DC9EA30", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1."}, {"lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el ejemplo de aplicaci\u00f3n de calendario en Apache Tomcat versi\u00f3n 4.0.0 hasta 4.0.6, versi\u00f3n 4.1.0 hasta 4.1.31, versi\u00f3n 5.0.0 hasta 5.0.30 y versi\u00f3n 5.5.0 hasta 5.5.15 permite a atacantes remotos inyectar script web o HTML arbitrarias por medio del par\u00e1metro time hacia el archivo cal2.jsp y posiblemente otros vectores no especificados. NOTA: esto puede estar relacionado con CVE-2006-0254.1."}], "id": "CVE-2006-7196", "lastModified": "2023-11-07T01:59:58.703", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-05-10T00:19:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/34888"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/29242"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33668"}, {"source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"}, {"source": "secalert@redhat.com", "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"}, {"source": "secalert@redhat.com", "url": "http://tomcat.apache.org/security-4.html"}, {"source": "secalert@redhat.com", "url": "http://tomcat.apache.org/security-5.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/478491/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/478609/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/25531"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/1729"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/0233"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "jabberd-0:2.0s10-3.38.rhn", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "jfreechart-0:0.9.20-3.rhn", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "openmotif21-0:2.1.30-11.RHEL4.6", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "perl-Crypt-CBC-0:2.24-1.el4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-apache-0:1.3.27-36.rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-modjk-0:1.2.23-2rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-modperl-0:1.29-16.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "tomcat5-0:5.0.30-0jpp_10rh", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "jabberd-0:2.0s10-3.37.rhn", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "jfreechart-0:0.9.20-3.rhn", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "openmotif21-0:2.1.30-9.RHEL3.8", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "perl-Crypt-CBC-0:2.24-1.el3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-apache-0:1.3.27-36.rhn.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-modjk-0:1.2.23-2rhn.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-modperl-0:1.29-16.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-modssl-0:2.8.12-8.rhn.10.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "tomcat5-0:5.0.30-0jpp_10rh", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "jabberd-0:2.0s10-3.38.rhn", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "jfreechart-0:0.9.20-3.rhn", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "openmotif21-0:2.1.30-11.RHEL4.6", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "perl-Crypt-CBC-0:2.24-1.el4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-apache-0:1.3.27-36.rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-modjk-0:1.2.23-2rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-modperl-0:1.29-16.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "tomcat5-0:5.0.30-0jpp_10rh", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2007:0340", "cpe": "cpe:/a:redhat:rhel_application_server:1", "package": "tomcat5-0:5.0.30-0jpp_5rh", "product_name": "RHAPS Version 1 for RHEL 3", "release_date": "2007-05-08T00:00:00Z"}, {"advisory": "RHSA-2007:0326", "cpe": "cpe:/a:redhat:rhel_application_server:2", "package": "jakarta-commons-modeler-0:2.0-3jpp_2rh", "product_name": "RHAPS Version 2 for RHEL 4", "release_date": "2007-05-21T00:00:00Z"}, {"advisory": "RHSA-2007:0326", "cpe": "cpe:/a:redhat:rhel_application_server:2", "package": "tomcat5-0:5.5.23-0jpp_4rh.3", "product_name": "RHAPS Version 2 for RHEL 4", "release_date": "2007-05-21T00:00:00Z"}], "bugzilla": {"description": "tomcat XSS in example webapps", "id": "238131", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238131"}, "csaw": false, "cwe": "CWE-79", "details": ["Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1."], "name": "CVE-2006-7196", "public_date": "2007-04-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2006-7196\nhttps://nvd.nist.gov/vuln/detail/CVE-2006-7196"], "threat_severity": "Moderate"}