Description

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

Remediation

References

CVE-2007-1358

Related Vulnerabilities

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.136.3)

WordPress Plugin NEX-Forms-The Ultimate WordPress Form Builder Security Bypass (7.8.7)

Joomla! Core 3.3.x Remote File Inclusion (3.3.0 - 3.3.4)

WordPress Plugin FormCraft-Premium WordPress Form Builder Cross-Site Scripting (3.2.31)

Python Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-1912)

Severity

Low

Classification

CVE-2007-1358 CWE-707

Tags

Missing Update Known Vulnerabilities