CVE-2007-2449 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-2449
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-2449

Description: Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/34869 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html ST 1018245 SREASON http://securityreason.com/securityalert/2804 SAID Secunia Advisory: SA31493 Secunia Advisory: SA30802 Secunia Advisory: SA29392 Secunia Advisory: SA27037 Secunia Advisory: SA27727 Secunia Advisory: SA26076 REDHAT http://rhn.redhat.com/errata/RHSA-2008-0630.html http://www.redhat.com/support/errata/RHSA-2007-0569.html http://www.redhat.com/support/errata/RHSA-2008-0261.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:241 HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 FEDORA CONFIRM http://tomcat.apache.org/security-5.html http://support.apple.com/kb/HT2163 http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-6.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/471351/100/0/threaded BID 24476 APPLE http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

Return to the previous page.