Lucene search

[email protected]CVE-2007-2450

HistoryJun 14, 2007 - 11:30 p.m.

CVE-2007-2450

2007-06-1423:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2007

2450

xss

vulnerabilities

apache tomcat

web applications

manager

host manager

remote authenticated users

web script

html

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

90.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.

Affected configurations

NVD

Node

apachetomcatMatch4.0.0

apachetomcatMatch4.0.1

apachetomcatMatch4.0.2

apachetomcatMatch4.0.3

apachetomcatMatch4.0.4

apachetomcatMatch4.0.5

apachetomcatMatch4.0.6

apachetomcatMatch4.1.0

apachetomcatMatch4.1.1

apachetomcatMatch4.1.2

apachetomcatMatch4.1.3

apachetomcatMatch4.1.3beta

apachetomcatMatch4.1.9beta

apachetomcatMatch4.1.10

apachetomcatMatch4.1.15

apachetomcatMatch4.1.24

apachetomcatMatch4.1.28

apachetomcatMatch4.1.31

apachetomcatMatch4.1.36

apachetomcatMatch5.0.0

apachetomcatMatch5.0.1

apachetomcatMatch5.0.2

apachetomcatMatch5.0.3

apachetomcatMatch5.0.4

apachetomcatMatch5.0.5

apachetomcatMatch5.0.6

apachetomcatMatch5.0.7

apachetomcatMatch5.0.8

apachetomcatMatch5.0.9

apachetomcatMatch5.0.10

apachetomcatMatch5.0.11

apachetomcatMatch5.0.12

apachetomcatMatch5.0.13

apachetomcatMatch5.0.14

apachetomcatMatch5.0.15

apachetomcatMatch5.0.16

apachetomcatMatch5.0.17

apachetomcatMatch5.0.18

apachetomcatMatch5.0.19

apachetomcatMatch5.0.21

apachetomcatMatch5.0.22

apachetomcatMatch5.0.23

apachetomcatMatch5.0.24

apachetomcatMatch5.0.25

apachetomcatMatch5.0.26

apachetomcatMatch5.0.27

apachetomcatMatch5.0.28

apachetomcatMatch5.0.29

apachetomcatMatch5.0.30

apachetomcatMatch5.5.0

apachetomcatMatch5.5.1

apachetomcatMatch5.5.2

apachetomcatMatch5.5.3

apachetomcatMatch5.5.4

apachetomcatMatch5.5.5

apachetomcatMatch5.5.6

apachetomcatMatch5.5.7

apachetomcatMatch5.5.8

apachetomcatMatch5.5.9

apachetomcatMatch5.5.10

apachetomcatMatch5.5.11

apachetomcatMatch5.5.12

apachetomcatMatch5.5.13

apachetomcatMatch5.5.14

apachetomcatMatch5.5.15

apachetomcatMatch5.5.16

apachetomcatMatch5.5.17

apachetomcatMatch5.5.18

apachetomcatMatch5.5.19

apachetomcatMatch5.5.20

apachetomcatMatch5.5.21

apachetomcatMatch5.5.22

apachetomcatMatch5.5.23

apachetomcatMatch5.5.24

apachetomcatMatch6.0.0

apachetomcatMatch6.0.1

apachetomcatMatch6.0.2

apachetomcatMatch6.0.3

apachetomcatMatch6.0.4

apachetomcatMatch6.0.5

apachetomcatMatch6.0.6

apachetomcatMatch6.0.7

apachetomcatMatch6.0.8

apachetomcatMatch6.0.9

apachetomcatMatch6.0.10

apachetomcatMatch6.0.11

apachetomcatMatch6.0.12

apachetomcatMatch6.0.13

CPENameOperatorVersion
apache:tomcatapache tomcateq4.0.0
apache:tomcatapache tomcateq4.0.1
apache:tomcatapache tomcateq4.0.2
apache:tomcatapache tomcateq4.0.3
apache:tomcatapache tomcateq4.0.4
apache:tomcatapache tomcateq4.0.5
apache:tomcatapache tomcateq4.0.6
apache:tomcatapache tomcateq4.1.0
apache:tomcatapache tomcateq4.1.1
apache:tomcatapache tomcateq4.1.2

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	4.0.0
apache:tomcat	apache tomcat	eq	4.0.1
apache:tomcat	apache tomcat	eq	4.0.2
apache:tomcat	apache tomcat	eq	4.0.3
apache:tomcat	apache tomcat	eq	4.0.4
apache:tomcat	apache tomcat	eq	4.0.5
apache:tomcat	apache tomcat	eq	4.0.6
apache:tomcat	apache tomcat	eq	4.1.0
apache:tomcat	apache tomcat	eq	4.1.1
apache:tomcat	apache tomcat	eq	4.1.2

Rows per page:

1-10 of 871

References

community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

jvn.jp/jp/JVN%2307100457/index.html

lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

secunia.com/advisories/25678

secunia.com/advisories/26076

secunia.com/advisories/27037

secunia.com/advisories/27727

secunia.com/advisories/28549

secunia.com/advisories/30802

secunia.com/advisories/30899

secunia.com/advisories/30908

secunia.com/advisories/33668

securityreason.com/securityalert/2813

sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

support.apple.com/kb/HT2163

support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

tomcat.apache.org/security-4.html

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

www.debian.org/security/2008/dsa-1468

www.mandriva.com/security/advisories?name=MDKSA-2007:241

www.osvdb.org/36079

www.redhat.com/support/errata/RHSA-2007-0569.html

www.redhat.com/support/errata/RHSA-2008-0261.html

www.securityfocus.com/archive/1/471357/100/0/threaded

www.securityfocus.com/archive/1/500396/100/0/threaded

www.securityfocus.com/archive/1/500412/100/0/threaded

www.securityfocus.com/bid/24475

www.securitytracker.com/id?1018245

www.vupen.com/english/advisories/2007/2213

www.vupen.com/english/advisories/2007/3386

www.vupen.com/english/advisories/2008/1979/references

www.vupen.com/english/advisories/2008/1981/references

www.vupen.com/english/advisories/2009/0233

exchange.xforce.ibmcloud.com/vulnerabilities/34868

lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287

www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

90.9%

JSON

Related for CVE-2007-2450

cvelist1 ubuntucve1 prion1 securityvulns4 veracode1 osv2 jvn1 nvd1 github1 nessus19 debian1 openvas26 oraclelinux1 centos1 redhat4 tomcat3 fedora5 altlinux1