Vulnerability Name:
CVE-2006-7196 (CCN-34209)
Assigned:
2007-05-09
Published:
2007-05-09
Updated:
2023-02-13
Summary:
CVSS v3 Severity:
3.7 Low
(CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
None
Availability (A):
None
CVSS v2 Severity:
4.3 Medium
(CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low
(Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availability (A):
None
2.6 Low
(CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
2.2 Low
(CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
High
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availability (A):
None
Vulnerability Consequences:
Gain Access
References:
Source: CCN
Type: BugTraq Mailing List, Mon Sep 03 2007 - 22:00:44 CDT
Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability
Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com
Source: CCN
Type: CA Security Response Blog, Jan 23 2009, 06:04 PM
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
Source: MITRE
Type: CNA
CVE-2006-7196
Source: CCN
Type: RHSA-2007-0326
Important: tomcat security update
Source: CCN
Type: RHSA-2007-0340
Important: tomcat security update
Source: CCN
Type: RHSA-2008-0261
Moderate: Red Hat Network Satellite Server security update
Source: CCN
Type: RHSA-2008-0524
Low: Red Hat Network Satellite Server security update
Source: CCN
Type: SA33668
CA Cohesion Application Configuration Manager Apache Tomcat Multiple Vulnerabilities
Source: CCN
Type: ASA-2007-206
tomcat security update (RHSA-2007-0326)
Source: CCN
Type: Apache Tomcat Web site
Apache Tomcat 4.x vulnerabilities
Source: CCN
Type: OSVDB ID: 34888
Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
Source: CCN
Type: BID-25531
Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
Source: XF
Type: UNKNOWN
tomcat-calendar-xss(34209)
Source: CCN
Type: CA20090123-01
Security Notice for Cohesion Tomcat
Source: SUSE
Type: SUSE-SR:2008:005
SUSE Security Summary Report
Vulnerable Configuration:
Configuration CCN 1:
cpe:/a:apache:tomcat:4.0.1:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:4.0.3:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:4.0.4:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.5.4:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.19:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.28:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.25:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.0:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:4.0.0:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:4.0.2:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:4.0.5:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:4.0.6:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:4.1.31:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.1:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.10:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.11:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.12:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.13:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.14:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.15:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.16:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.17:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.18:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.2:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.21:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.22:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.23:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.24:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.26:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.27:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.29:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.3:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.30:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.4:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.5:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.6:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.7:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.8:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.0.9:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.5.1:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.5.13:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.5.14:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.5.15:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.5.2:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.5.3:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
AND
cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
OR
cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
OR
cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
OR
cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
OR
cpe:/a:redhat:rhel_application_server:2:*:*:*:*:*:*:*
Denotes that component is vulnerable
Oval Definitions:
Definition ID:
oval:org.opensuse.security:def:20067196
Class:
V
Title:
CVE-2006-7196
Last Modified:
2015-11-16
apache
tomcat 4.0.1
apache
tomcat 4.0.3
apache
tomcat 4.0.4
apache
tomcat 5.5.4
apache
tomcat 5.0.19
apache
tomcat 5.0.28
apache
tomcat 5.5.12
apache
tomcat 5.5.9
apache
tomcat 5.5.7
apache
tomcat 5.0.25
apache
tomcat 5.0.0
apache
tomcat 4.0.0
apache
tomcat 4.0.2
apache
tomcat 4.0.5
apache
tomcat 4.0.6
apache
tomcat 4.1.31
apache
tomcat 5.0.1
apache
tomcat 5.0.10
apache
tomcat 5.0.11
apache
tomcat 5.0.12
apache
tomcat 5.0.13
apache
tomcat 5.0.14
apache
tomcat 5.0.15
apache
tomcat 5.0.16
apache
tomcat 5.0.17
apache
tomcat 5.0.18
apache
tomcat 5.0.2
apache
tomcat 5.0.21
apache
tomcat 5.0.22
apache
tomcat 5.0.23
apache
tomcat 5.0.24
apache
tomcat 5.0.26
apache
tomcat 5.0.27
apache
tomcat 5.0.29
apache
tomcat 5.0.3
apache
tomcat 5.0.30
apache
tomcat 5.0.4
apache
tomcat 5.0.5
apache
tomcat 5.0.6
apache
tomcat 5.0.7
apache
tomcat 5.0.8
apache
tomcat 5.0.9
apache
tomcat 5.5.0
apache
tomcat 5.5.1
apache
tomcat 5.5.10
apache
tomcat 5.5.11
apache
tomcat 5.5.13
apache
tomcat 5.5.14
apache
tomcat 5.5.15
apache
tomcat 5.5.2
apache
tomcat 5.5.3
apache
tomcat 5.5.5
apache
tomcat 5.5.6
apache
tomcat 5.5.8
redhat
enterprise linux 3
redhat
enterprise linux 4
redhat
linux advanced workstation 2.1
redhat
enterprise linux 5
redhat
rhel application server 2