4.3 - CVE-2006-7195

Executive Summary

Informations
Name	CVE-2006-7195	First vendor Publication	2007-05-09
Vendor	Cve	Last vendor Modification	2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10514

Oval ID:	oval:org.mitre.oval:def:10514
Title:	Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
Description:	Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-7195	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.1.0.3.el5 AND tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.1.0.3.el5 AND tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.1.0.3.el5 AND jakarta-commons-modeler is earlier than 0:1.1-8jpp.1.0.2.el5 AND tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.1.0.3.el5 AND jakarta-commons-modeler-javadoc is earlier than 0:1.1-8jpp.1.0.2.el5 AND tomcat5-webapps is earlier than 0:5.5.23-0jpp.1.0.3.el5 AND tomcat5 is earlier than 0:5.5.23-0jpp.1.0.3.el5 AND tomcat5-jasper is earlier than 0:5.5.23-0jpp.1.0.3.el5 AND tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.1.0.3.el5 AND tomcat5-server-lib is earlier than 0:5.5.23-0jpp.1.0.3.el5 AND tomcat5-common-lib is earlier than 0:5.5.23-0jpp.1.0.3.el5 AND tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.1.0.3.el5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apache Tomcat cpe:2.3:a:apache:tomcat:5.5.9:::::::* cpe:2.3:a:apache:tomcat:5.5.8:::::::* cpe:2.3:a:apache:tomcat:5.5.7:::::::* cpe:2.3:a:apache:tomcat:5.5.6:::::::* cpe:2.3:a:apache:tomcat:5.5.5:::::::* cpe:2.3:a:apache:tomcat:5.5.17:::::::* cpe:2.3:a:apache:tomcat:5.5.16:::::::* cpe:2.3:a:apache:tomcat:5.5.15:::::::* cpe:2.3:a:apache:tomcat:5.5.14:::::::* cpe:2.3:a:apache:tomcat:5.5.13:::::::* cpe:2.3:a:apache:tomcat:5.5.12:::::::* cpe:2.3:a:apache:tomcat:5.5.11:::::::* cpe:2.3:a:apache:tomcat:5.5.10:::::::* cpe:2.3:a:apache:tomcat:5.5.0:::::::* cpe:2.3:a:apache:tomcat:5.0.30:::::::* cpe:2.3:a:apache:tomcat:5.0.29:::::::* cpe:2.3:a:apache:tomcat:5.0.28:::::::* cpe:2.3:a:apache:tomcat:5.0.27:::::::* cpe:2.3:a:apache:tomcat:5.0.26:::::::* cpe:2.3:a:apache:tomcat:5.0.25:::::::* cpe:2.3:a:apache:tomcat:5.0.24:::::::* cpe:2.3:a:apache:tomcat:5.0.23:::::::* cpe:2.3:a:apache:tomcat:5.0.22:::::::* cpe:2.3:a:apache:tomcat:5.0.21:::::::* cpe:2.3:a:apache:tomcat:5.0.2:::::::* cpe:2.3:a:apache:tomcat:5.0.19:::::::* cpe:2.3:a:apache:tomcat:5.0.18:::::::* cpe:2.3:a:apache:tomcat:5.0.17:::::::* cpe:2.3:a:apache:tomcat:5.0.16:::::::* cpe:2.3:a:apache:tomcat:5.0.15:::::::* cpe:2.3:a:apache:tomcat:5.0.14:::::::* cpe:2.3:a:apache:tomcat:5.0.13:::::::* cpe:2.3:a:apache:tomcat:5.0.12:::::::* cpe:2.3:a:apache:tomcat:5.0.11:::::::* cpe:2.3:a:apache:tomcat:5.0.10:::::::* cpe:2.3:a:apache:tomcat:5.0.1:::::::* cpe:2.3:a:apache:tomcat:5.0.0:::::::*	37

OpenVAS Exploits

Date	Description
2009-02-02	Name : Ubuntu USN-710-1 (xine-lib) File : nvt/ubuntu_710_1.nasl
2009-02-02	Name : Ubuntu USN-711-1 (ktorrent) File : nvt/ubuntu_711_1.nasl
2009-02-02	Name : Ubuntu USN-712-1 (vim) File : nvt/ubuntu_712_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
34887	Apache Tomcat implicit-objects.jsp Crafted Header XSS

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0327.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070717_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-07-09	Name : The remote Apache Tomcat server is affected by a cross-site scripting vulnera... File : tomcat_implicit_obj_xss.nasl - Type : ACT_ATTACK
2010-01-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO
2010-01-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0002.nasl - Type : ACT_GATHER_INFO
2008-01-10	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_geronimo-4864.nasl - Type : ACT_GATHER_INFO
2007-05-25	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0327.nasl - Type : ACT_GATHER_INFO
2007-05-16	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0327.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/28481
BUGTRAQ	http://www.securityfocus.com/archive/1/485938/100/0/threaded http://www.securityfocus.com/archive/1/500396/100/0/threaded http://www.securityfocus.com/archive/1/500412/100/0/threaded
CONFIRM	http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 http://tomcat.apache.org/security-5.html
MLIST	http://lists.vmware.com/pipermail/security-announce/2008/000003.html
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT	http://www.redhat.com/support/errata/RHSA-2007-0327.html http://www.redhat.com/support/errata/RHSA-2008-0261.html
SECUNIA	http://secunia.com/advisories/28365 http://secunia.com/advisories/33668
VUPEN	http://www.vupen.com/english/advisories/2007/1729 http://www.vupen.com/english/advisories/2008/0065 http://www.vupen.com/english/advisories/2009/0233

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-02-13 09:29:27	Multiple Updates
2023-02-02 21:28:59	Multiple Updates
2021-05-04 12:05:08	Multiple Updates
2021-04-22 01:05:40	Multiple Updates
2020-05-23 00:19:00	Multiple Updates
2018-10-16 21:19:45	Multiple Updates
2017-10-11 09:23:48	Multiple Updates
2016-04-26 15:34:20	Multiple Updates
2014-02-17 10:38:22	Multiple Updates
2013-05-11 11:19:14	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	1
CPE ID(s)	37
Sources(s)	17
osvdb(s)	1
Openvas Exploit(s)	3
Nessus® Exploit(s)	9

	Related
5	RHSA-2007:0328
5	RHSA-2007:0327
5	RHSA-2007:0326
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

4.3 - CVE-2006-7195

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU