Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2006-7196 | First vendor Publication | 2007-05-09 |
Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-02-02 | Name : Ubuntu USN-710-1 (xine-lib) File : nvt/ubuntu_710_1.nasl |
2009-02-02 | Name : Ubuntu USN-711-1 (ktorrent) File : nvt/ubuntu_711_1.nasl |
2009-02-02 | Name : Ubuntu USN-712-1 (vim) File : nvt/ubuntu_712_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
34888 | Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-06-16 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_4_1_32.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO |
2008-02-29 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_jk-4992.nasl - Type : ACT_GATHER_INFO |
2008-02-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-4990.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote Apache Tomcat web server contains a JSP application that is affect... File : tomcat_sample_cal2_xss.nasl - Type : ACT_ATTACK |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2023-11-07 21:47:57 |
|
2023-02-13 09:29:27 |
|
2023-02-03 00:28:55 |
|
2021-05-04 12:05:08 |
|
2021-04-22 01:05:40 |
|
2020-05-24 01:03:16 |
|
2020-05-23 00:19:00 |
|
2019-03-25 17:18:56 |
|
2019-03-21 21:19:08 |
|
2018-10-16 21:19:45 |
|
2016-10-15 12:01:14 |
|
2016-06-28 16:02:45 |
|
2016-04-26 15:34:20 |
|
2014-02-17 10:38:22 |
|
2013-05-11 11:19:14 |
|