Lucene search

PRIOn knowledge basePRION:CVE-2007-2450

HistoryJun 14, 2007 - 11:30 p.m.

Cross site scripting

2007-06-1423:30:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

90.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.

CPENameOperatorVersion
tomcateq4.1.2
tomcateq4.0.4
tomcateq4.1.36
tomcateq4.1.9 beta
tomcateq5.5.18
tomcateq5.0.8
tomcateq5.0.19
tomcateq6.0.6
tomcateq6.0.11
tomcateq5.5.12

Name	Operator	Version
tomcat	eq	4.1.2
tomcat	eq	4.0.4
tomcat	eq	4.1.36
tomcat	eq	4.1.9 beta
tomcat	eq	5.5.18
tomcat	eq	5.0.8
tomcat	eq	5.0.19
tomcat	eq	6.0.6
tomcat	eq	6.0.11
tomcat	eq	5.5.12

Rows per page:

1-10 of 881

References

community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

jvn.jp/jp/JVN%2307100457/index.html

lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

secunia.com/advisories/25678

secunia.com/advisories/26076

secunia.com/advisories/27037

secunia.com/advisories/27727

secunia.com/advisories/28549

secunia.com/advisories/30802

secunia.com/advisories/30899

secunia.com/advisories/30908

secunia.com/advisories/33668

securityreason.com/securityalert/2813

sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

support.apple.com/kb/HT2163

support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

tomcat.apache.org/security-4.html

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

www.debian.org/security/2008/dsa-1468

www.mandriva.com/security/advisories?name=MDKSA-2007:241

www.osvdb.org/36079

www.redhat.com/support/errata/RHSA-2007-0569.html

www.redhat.com/support/errata/RHSA-2008-0261.html

www.securityfocus.com/archive/1/471357/100/0/threaded

www.securityfocus.com/archive/1/500396/100/0/threaded

www.securityfocus.com/archive/1/500412/100/0/threaded

www.securityfocus.com/bid/24475

www.securitytracker.com/id?1018245

www.vupen.com/english/advisories/2007/2213

www.vupen.com/english/advisories/2007/3386

www.vupen.com/english/advisories/2008/1979/references

www.vupen.com/english/advisories/2008/1981/references

www.vupen.com/english/advisories/2009/0233

exchange.xforce.ibmcloud.com/vulnerabilities/34868

lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287

www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html