Lucene search

[email protected]CVE-2007-2449

HistoryJun 14, 2007 - 11:30 p.m.

CVE-2007-2449

2007-06-1423:30:00

[email protected]

web.nvd.nist.gov

cve-2007-2449

cross-site scripting

xss

apache tomcat

vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

High

0.968 High

EPSS

Percentile

99.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ‘;’ character, as demonstrated by a URI containing a “snp/snoop.jsp;” sequence.

Affected configurations

NVD

Node

apachetomcatRange≤4.1.36

apachetomcatMatch4.0.0

apachetomcatMatch4.0.1

apachetomcatMatch4.0.2

apachetomcatMatch4.0.3

apachetomcatMatch4.0.4

apachetomcatMatch4.0.5

apachetomcatMatch5.0.0

apachetomcatMatch5.0.1

apachetomcatMatch5.0.2

apachetomcatMatch5.0.3

apachetomcatMatch5.0.4

apachetomcatMatch5.0.5

apachetomcatMatch5.0.6

apachetomcatMatch5.0.7

apachetomcatMatch5.0.8

apachetomcatMatch5.0.9

apachetomcatMatch5.0.10

apachetomcatMatch5.0.11

apachetomcatMatch5.0.12

apachetomcatMatch5.0.13

apachetomcatMatch5.0.14

apachetomcatMatch5.0.15

apachetomcatMatch5.0.16

apachetomcatMatch5.0.17

apachetomcatMatch5.0.18

apachetomcatMatch5.0.19

apachetomcatMatch5.0.21

apachetomcatMatch5.0.22

apachetomcatMatch5.0.23

apachetomcatMatch5.0.24

apachetomcatMatch5.0.25

apachetomcatMatch5.0.26

apachetomcatMatch5.0.27

apachetomcatMatch5.0.28

apachetomcatMatch5.0.29

apachetomcatMatch5.0.30

apachetomcatMatch5.5.0

apachetomcatMatch5.5.1

apachetomcatMatch5.5.2

apachetomcatMatch5.5.3

apachetomcatMatch5.5.4

apachetomcatMatch5.5.5

apachetomcatMatch5.5.6

apachetomcatMatch5.5.7

apachetomcatMatch5.5.8

apachetomcatMatch5.5.9

apachetomcatMatch5.5.10

apachetomcatMatch5.5.11

apachetomcatMatch5.5.12

apachetomcatMatch5.5.13

apachetomcatMatch5.5.14

apachetomcatMatch5.5.15

apachetomcatMatch5.5.16

apachetomcatMatch5.5.17

apachetomcatMatch5.5.18

apachetomcatMatch5.5.19

apachetomcatMatch5.5.20

apachetomcatMatch5.5.21

apachetomcatMatch5.5.22

apachetomcatMatch6.0.0

apachetomcatMatch6.0.1

apachetomcatMatch6.0.2

apachetomcatMatch6.0.3

apachetomcatMatch6.0.4

apachetomcatMatch6.0.5

apachetomcatMatch6.0.6

apachetomcatMatch6.0.7

apachetomcatMatch6.0.8

apachetomcatMatch6.0.10

apachetomcatMatch6.0.11

apachetomcatMatch6.0.12

apachetomcatMatch6.0.13

CPENameOperatorVersion
apache:tomcatapache tomcatle4.1.36
apache:tomcatapache tomcateq4.0.0
apache:tomcatapache tomcateq4.0.1
apache:tomcatapache tomcateq4.0.2
apache:tomcatapache tomcateq4.0.3
apache:tomcatapache tomcateq4.0.4
apache:tomcatapache tomcateq4.0.5
apache:tomcatapache tomcateq5.0.0
apache:tomcatapache tomcateq5.0.1
apache:tomcatapache tomcateq5.0.2

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	le	4.1.36
apache:tomcat	apache tomcat	eq	4.0.0
apache:tomcat	apache tomcat	eq	4.0.1
apache:tomcat	apache tomcat	eq	4.0.2
apache:tomcat	apache tomcat	eq	4.0.3
apache:tomcat	apache tomcat	eq	4.0.4
apache:tomcat	apache tomcat	eq	4.0.5
apache:tomcat	apache tomcat	eq	5.0.0
apache:tomcat	apache tomcat	eq	5.0.1
apache:tomcat	apache tomcat	eq	5.0.2

Rows per page:

1-10 of 731

References

community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

osvdb.org/36080

rhn.redhat.com/errata/RHSA-2008-0630.html

secunia.com/advisories/26076

secunia.com/advisories/27037

secunia.com/advisories/27727

secunia.com/advisories/29392

secunia.com/advisories/30802

secunia.com/advisories/31493

secunia.com/advisories/33668

securityreason.com/securityalert/2804

support.apple.com/kb/HT2163

support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

tomcat.apache.org/security-4.html

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

www.mandriva.com/security/advisories?name=MDKSA-2007:241

www.redhat.com/support/errata/RHSA-2007-0569.html

www.redhat.com/support/errata/RHSA-2008-0261.html

www.securityfocus.com/archive/1/471351/100/0/threaded

www.securityfocus.com/archive/1/500396/100/0/threaded

www.securityfocus.com/archive/1/500412/100/0/threaded

www.securityfocus.com/bid/24476

www.securitytracker.com/id?1018245

www.vupen.com/english/advisories/2007/2213

www.vupen.com/english/advisories/2007/3386

www.vupen.com/english/advisories/2008/1981/references

www.vupen.com/english/advisories/2009/0233

exchange.xforce.ibmcloud.com/vulnerabilities/34869

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10578

www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

High

0.968 High

EPSS

Percentile

99.7%

JSON

Related for CVE-2007-2449

nessus24 osv1 nvd1 prion1 packetstorm1 cvelist1 ubuntucve1 veracode1 github1 securityvulns3 jvn1 openvas28 redhat5 oraclelinux1 centos1 tomcat3 fedora5 altlinux1 ibm1