CVE-2007-2449
6.8 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.968 High
EPSS
Percentile
99.7%
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ‘;’ character, as demonstrated by a URI containing a “snp/snoop.jsp;” sequence.
References
community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
osvdb.org/36080
rhn.redhat.com/errata/RHSA-2008-0630.html
secunia.com/advisories/26076
secunia.com/advisories/27037
secunia.com/advisories/27727
secunia.com/advisories/29392
secunia.com/advisories/30802
secunia.com/advisories/31493
secunia.com/advisories/33668
securityreason.com/securityalert/2804
support.apple.com/kb/HT2163
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
tomcat.apache.org/security-4.html
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
www.mandriva.com/security/advisories?name=MDKSA-2007:241
www.redhat.com/support/errata/RHSA-2007-0569.html
www.redhat.com/support/errata/RHSA-2008-0261.html
www.securityfocus.com/archive/1/471351/100/0/threaded
www.securityfocus.com/archive/1/500396/100/0/threaded
www.securityfocus.com/archive/1/500412/100/0/threaded
www.securityfocus.com/bid/24476
www.securitytracker.com/id?1018245
www.vupen.com/english/advisories/2007/2213
www.vupen.com/english/advisories/2007/3386
www.vupen.com/english/advisories/2008/1981/references
www.vupen.com/english/advisories/2009/0233
exchange.xforce.ibmcloud.com/vulnerabilities/34869
lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10578
www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
Related
6.8 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.968 High
EPSS
Percentile
99.7%