Back to search
CVE-2006-7196
Published: May 9, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://tomcat.apache.org/security-4.html
x_refsource_CONFIRM
34888
vdb-entry
x_refsource_OSVDB
29242
third-party-advisory
x_refsource_SECUNIA
20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
mailing-list
x_refsource_BUGTRAQ
SUSE-SR:2008:005
vendor-advisory
x_refsource_SUSE
33668
third-party-advisory
x_refsource_SECUNIA
20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
mailing-list
x_refsource_BUGTRAQ
25531
vdb-entry
x_refsource_BID
ADV-2007-1729
vdb-entry
x_refsource_VUPEN
ADV-2009-0233
vdb-entry
x_refsource_VUPEN
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
x_refsource_CONFIRM
20070904 Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability
mailing-list
x_refsource_BUGTRAQ
http://tomcat.apache.org/security-5.html
x_refsource_CONFIRM
RHSA-2008:0261
vendor-advisory
x_refsource_REDHAT
20070905 Re: Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability
mailing-list
x_refsource_BUGTRAQ
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
x_refsource_CONFIRM
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
x_refsource_CONFIRM
[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now