Description

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

Remediation

References

CVE-2007-1358

Related Vulnerabilities

Drupal Core 9.2.x Security Bypass (9.2.0 - 9.2.20)

WordPress Plugin Mobile blocks Security Bypass (1.0)

WordPress Plugin WPMovieLibrary Multiple Cross-Site Scripting Vulnerabilities (2.1.4.1)

Apache HTTP Server Other Vulnerability (CVE-2021-30641)

PHP Other Vulnerability (CVE-2007-1412)

Severity

Low

Classification

CVE-2007-1358 CWE-707

Tags

Missing Update Known Vulnerabilities