Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
References
Link Providers
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx cve-icon cve-icon
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html cve-icon cve-icon
http://osvdb.org/36080 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2008-0630.html cve-icon cve-icon
http://secunia.com/advisories/26076 cve-icon cve-icon
http://secunia.com/advisories/27037 cve-icon cve-icon
http://secunia.com/advisories/27727 cve-icon cve-icon
http://secunia.com/advisories/29392 cve-icon cve-icon
http://secunia.com/advisories/30802 cve-icon cve-icon
http://secunia.com/advisories/31493 cve-icon cve-icon
http://secunia.com/advisories/33668 cve-icon cve-icon
http://securityreason.com/securityalert/2804 cve-icon cve-icon
http://support.apple.com/kb/HT2163 cve-icon cve-icon
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 cve-icon cve-icon
http://tomcat.apache.org/security-4.html cve-icon cve-icon
http://tomcat.apache.org/security-5.html cve-icon cve-icon
http://tomcat.apache.org/security-6.html cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2007-0569.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2008-0261.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/471351/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/500396/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/500412/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/24476 cve-icon cve-icon
http://www.securitytracker.com/id?1018245 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/2213 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/3386 cve-icon cve-icon
http://www.vupen.com/english/advisories/2008/1981/references cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/0233 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/34869 cve-icon cve-icon
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2007-2449 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10578 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2007-2449 cve-icon
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2007-06-14T23:00:00

Updated: 2024-08-07T13:42:33.408Z

Reserved: 2007-05-02T00:00:00

Link: CVE-2007-2449

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2007-06-14T23:30:00.000

Modified: 2024-11-21T00:30:49.027

Link: CVE-2007-2449

cve-icon Redhat

Severity : Moderate

Publid Date: 2007-06-13T00:00:00Z

Links: CVE-2007-2449 - Bugzilla