Lucene search

[email protected]NVD:CVE-2007-2449

HistoryJun 14, 2007 - 11:30 p.m.

CVE-2007-2449

2007-06-1423:30:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

High

EPSS

0.969

Percentile

99.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ‘;’ character, as demonstrated by a URI containing a “snp/snoop.jsp;” sequence.

Affected configurations

Nvd

Node

apachetomcatRange≤4.1.36

apachetomcatMatch4.0.0

apachetomcatMatch4.0.1

apachetomcatMatch4.0.2

apachetomcatMatch4.0.3

apachetomcatMatch4.0.4

apachetomcatMatch4.0.5

apachetomcatMatch5.0.0

apachetomcatMatch5.0.1

apachetomcatMatch5.0.2

apachetomcatMatch5.0.3

apachetomcatMatch5.0.4

apachetomcatMatch5.0.5

apachetomcatMatch5.0.6

apachetomcatMatch5.0.7

apachetomcatMatch5.0.8

apachetomcatMatch5.0.9

apachetomcatMatch5.0.10

apachetomcatMatch5.0.11

apachetomcatMatch5.0.12

apachetomcatMatch5.0.13

apachetomcatMatch5.0.14

apachetomcatMatch5.0.15

apachetomcatMatch5.0.16

apachetomcatMatch5.0.17

apachetomcatMatch5.0.18

apachetomcatMatch5.0.19

apachetomcatMatch5.0.21

apachetomcatMatch5.0.22

apachetomcatMatch5.0.23

apachetomcatMatch5.0.24

apachetomcatMatch5.0.25

apachetomcatMatch5.0.26

apachetomcatMatch5.0.27

apachetomcatMatch5.0.28

apachetomcatMatch5.0.29

apachetomcatMatch5.0.30

apachetomcatMatch5.5.0

apachetomcatMatch5.5.1

apachetomcatMatch5.5.2

apachetomcatMatch5.5.3

apachetomcatMatch5.5.4

apachetomcatMatch5.5.5

apachetomcatMatch5.5.6

apachetomcatMatch5.5.7

apachetomcatMatch5.5.8

apachetomcatMatch5.5.9

apachetomcatMatch5.5.10

apachetomcatMatch5.5.11

apachetomcatMatch5.5.12

apachetomcatMatch5.5.13

apachetomcatMatch5.5.14

apachetomcatMatch5.5.15

apachetomcatMatch5.5.16

apachetomcatMatch5.5.17

apachetomcatMatch5.5.18

apachetomcatMatch5.5.19

apachetomcatMatch5.5.20

apachetomcatMatch5.5.21

apachetomcatMatch5.5.22

apachetomcatMatch6.0.0

apachetomcatMatch6.0.1

apachetomcatMatch6.0.2

apachetomcatMatch6.0.3

apachetomcatMatch6.0.4

apachetomcatMatch6.0.5

apachetomcatMatch6.0.6

apachetomcatMatch6.0.7

apachetomcatMatch6.0.8

apachetomcatMatch6.0.10

apachetomcatMatch6.0.11

apachetomcatMatch6.0.12

apachetomcatMatch6.0.13

References

community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

osvdb.org/36080

rhn.redhat.com/errata/RHSA-2008-0630.html

secunia.com/advisories/26076

secunia.com/advisories/27037

secunia.com/advisories/27727

secunia.com/advisories/29392

secunia.com/advisories/30802

secunia.com/advisories/31493

secunia.com/advisories/33668

securityreason.com/securityalert/2804

support.apple.com/kb/HT2163

support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

tomcat.apache.org/security-4.html

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

www.mandriva.com/security/advisories?name=MDKSA-2007:241

www.redhat.com/support/errata/RHSA-2007-0569.html

www.redhat.com/support/errata/RHSA-2008-0261.html

www.securityfocus.com/archive/1/471351/100/0/threaded

www.securityfocus.com/archive/1/500396/100/0/threaded

www.securityfocus.com/archive/1/500412/100/0/threaded

www.securityfocus.com/bid/24476

www.securitytracker.com/id?1018245

www.vupen.com/english/advisories/2007/2213

www.vupen.com/english/advisories/2007/3386

www.vupen.com/english/advisories/2008/1981/references

www.vupen.com/english/advisories/2009/0233

exchange.xforce.ibmcloud.com/vulnerabilities/34869

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10578

www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

High

EPSS

0.969

Percentile

99.7%

JSON

Related for NVD:CVE-2007-2449

nessus24 ubuntucve1 veracode1 github1 securityvulns3 cvelist1 prion1 osv1 packetstorm1 jvn1 cve1 openvas28 redhat5 oraclelinux1 centos1 tomcat3 fedora5 altlinux1 ibm1