CVE-2007-1358

low

Apache

CVSS v3 Base Score

2.6

AV:N/AC:H/Au:N/C:N/I:P/A:N

EPSS Score

39.9%

Exploitation probability in 30 days

Top 3% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Confidentiality

None

Integrity

Availability

None

Published: May 10, 2007 (6944 days ago)

Last Modified: April 23, 2026

Vendor: Apache

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

CWE

CWE-79

Affected Products

apache tomcat

References

🔗 community.ca.com 🔗 docs.info.apple.com 🔗 h20000.www2.hp.com 🔗 jvn.jp 🔗 lists.apple.com

CVE-2007-1358

Vulnerability Report

Description

CWE

Affected Products

References