Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS14bWM5LTZwNTYtM2M0ds2ajQ

Apache Tomcat XSS In Accept-Language Headers

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

Permalink: https://github.com/advisories/GHSA-xmc9-6p56-3c4v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14bWM5LTZwNTYtM2M0ds2ajQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 2 years ago
Updated: about 1 year ago


EPSS Percentage: 0.72879
EPSS Percentile: 0.98154

Identifiers: GHSA-xmc9-6p56-3c4v, CVE-2007-1358
References:
Blast Radius: 0.0

Affected Packages

maven:org.apache.tomcat:tomcat
Dependent packages: 30
Dependent repositories: 438
Downloads:
Affected Version Ranges: >= 4.1.0, <= 4.1.34, >= 4.0.0, <= 4.0.6
No known fixed version
All affected versions: