CVE-2006-7195 — Apache Tomcat XSS Vulnerability

Description

Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.

How to fix CVE-2006-7195

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

Maven/org.apache.tomcat:tomcat—no fix listed

Is CVE-2006-7195 being exploited?

Moderate — EPSS is 11.2%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

>= 5.0.0, <= 5.0.30

References (20)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2006-7195
PATCHgithub.com/apache/tomcat
WEBaccess.redhat.com/errata/RHSA-2007:0326
WEBaccess.redhat.com/errata/RHSA-2007:0327
WEBaccess.redhat.com/errata/RHSA-2007:0328