CVE-2007-2449

NONECVSS 0.0

0.0

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

🔗 References (80)

secalert@redhathttp://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
secalert@redhathttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
secalert@redhathttp://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
secalert@redhathttp://osvdb.org/36080
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2008-0630.html
secalert@redhathttp://secunia.com/advisories/26076
secalert@redhathttp://secunia.com/advisories/27037
secalert@redhathttp://secunia.com/advisories/27727
secalert@redhathttp://secunia.com/advisories/29392
secalert@redhathttp://secunia.com/advisories/30802
secalert@redhathttp://secunia.com/advisories/31493
secalert@redhathttp://secunia.com/advisories/33668
secalert@redhathttp://securityreason.com/securityalert/2804

Is Your Infrastructure Affected by CVE-2007-2449?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-2449

📅 Published

🔄 Last Modified

🔗 References (80)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-2449?