CVE-2007-2449

Description

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ; character, as demonstrated by a URI containing a snp/snoop.jsp; sequence.

Risk Information

Base Score

8.6

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:U/RC:C

EPSS Score

Exploitation Probability

47.724

Associated Vulnerability

Vulnerability	OS Platform
Update Tomcat to 9.5.14	Windows
Update Tomcat to 9.5.5	Windows
Update Tomcat to 9.5.7	Windows
Update Tomcat to 9.5.8	Windows
Update Tomcat to 9.6.10	Windows
Update Tomcat to 9.6.3	Windows
Update Tomcat to 9.6.4	Windows
Update Tomcat to 9.6.7	Windows
Update Tomcat to 9.6.8	Windows
Update Tomcat to 2.4.5	Windows
Update Tomcat to 3.0.14	Windows
Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.9	Windows
Vulnerabilities CVE-2007-3383,CVE-2007-2449,CVE-2007-1358,CVE-2007-5461,CVE-2007-2450 are affected in Apache - tomcat 4.0.6	Windows
Update Tomcat to 9.5.14 (For Linux)	Linux
Update Tomcat to 9.5.5 (For Linux)	Linux
Update Tomcat to 9.5.7 (For Linux)	Linux
Update Tomcat to 9.5.8 (For Linux)	Linux
Update Tomcat to 9.6.10 (For Linux)	Linux
Update Tomcat to 9.6.3 (For Linux)	Linux
Update Tomcat to 9.6.4 (For Linux)	Linux
Update Tomcat to 9.6.7 (For Linux)	Linux
Update Tomcat to 9.6.8 (For Linux)	Linux
Update Tomcat to 2.4.5 (For Linux)	Linux
Update Tomcat to 3.0.14 (For Linux)	Linux
Vulnerabilities CVE-2007-3383,CVE-2007-2449,CVE-2007-1358,CVE-2007-5461,CVE-2007-2450 are affected in Apache - tomcat for Linux 4.0.6	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234