Total vulnerabilities in the database
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
| Software | From | Fixed in |
|---|---|---|
| apache / tomcat | 4.0.4 | 4.0.4.x |
| apache / tomcat | 4.0.6 | 4.0.6.x |
| apache / tomcat | 4.0.3 | 4.0.3.x |
| apache / tomcat | 4.0.1 | 4.0.1.x |
| apache / tomcat | 4.1.0 | 4.1.0.x |
| apache / tomcat | 4.0.2 | 4.0.2.x |
| apache / tomcat | 4.0.5 | 4.0.5.x |
| apache / tomcat | 4.0.0 | 4.0.0.x |
| apache / tomcat | - | 4.1.31.x |