CVE-2007-3503

Description

The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS

CVSS 2.0 score: 4.3 (Severity: Medium)
EPSS: 0.94% (Top 25%)
Vendor advisories: redhat.com, bea.com, sun.com, apple.com, gentoo.org

References

Link | Tags
http://www.redhat.com/support/errata/RHSA-2007-0818.html | third party advisory, vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10704 | vdb entry, third party advisory, signature
http://secunia.com/advisories/26933 | third party advisory
http://docs.info.apple.com/article.html?artnum=307177 | third party advisory
http://osvdb.org/36488 | vdb entry, broken link
http://secunia.com/advisories/26314 | third party advisory
http://dev2dev.bea.com/pub/advisory/248 | third party advisory, vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/35168 | vdb entry, third party advisory
http://secunia.com/advisories/25769 | third party advisory
http://secunia.com/advisories/26369 | third party advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1 | vendor advisory, broken link
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html | mailing list, third party advisory, vendor advisory
http://www.redhat.com/support/errata/RHSA-2007-0956.html | third party advisory, vendor advisory
http://secunia.com/advisories/26645 | third party advisory
http://www.vupen.com/english/advisories/2007/4224 | vdb entry, third party advisory
http://www.vupen.com/english/advisories/2007/3009 | vdb entry, third party advisory
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml | third party advisory, vendor advisory
http://secunia.com/advisories/28115 | third party advisory
http://www.vupen.com/english/advisories/2007/2383 | vdb entry, third party advisory
http://secunia.com/advisories/27203 | third party advisory
http://www.securitytracker.com/id?1018327 | vdb entry, third party advisory
http://www.redhat.com/support/errata/RHSA-2007-0829.html | third party advisory, vendor advisory
http://www.securityfocus.com/bid/24690 | vdb entry, third party advisory
http://secunia.com/advisories/26631 | third party advisory

Frequently Asked Questions

What is the severity of CVE-2007-3503?
CVE-2007-3503 has been scored as a medium severity vulnerability.

How to fix CVE-2007-3503?
To fix CVE-2007-3503, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As of now, there are no other specific guidelines available.

Is CVE-2007-3503 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2007-3503 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.