CVE-2007-3383
Apache Tomcat SendMailServlet XSS
EPSS 38.8%
Description
Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (`examples/jsp/mail/sendmail.jsp`) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
How to fix CVE-2007-3383
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Maven/org.apache.tomcat:tomcat: no fix listed
Is CVE-2007-3383 being exploited?
Moderate: EPSS is 38.8%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- >= 4.0.0, <= 4.0.6