CVE-2007-3384 — Apache Tomcat's CookieExample Vulnerable to XSS

Description

Multiple cross-site scripting (XSS) vulnerabilities in `examples/servlet/CookieExample` in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.

How to fix CVE-2007-3384

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

Maven/org.apache.tomcat:tomcat—no fix listed

Is CVE-2007-3384 being exploited?

Moderate — EPSS is 6.4%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

>= 3.3.0, <= 3.3.2

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2007-3384
WEBweb.archive.org/web/20070824135030/http://securityreason.com/securityalert/2971
WEBweb.archive.org/web/20071117100258/http://securitytracker.com/alerts/2007/Aug/1018503.html
WEBweb.archive.org/web/20170323011513/http://www.securityfocus.com/bid/25174