CVE-2007-2449
Vulnerability from cvelistv5
Published
2007-06-14 23:00
Modified
2024-08-07 13:42
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
References
secalert@redhat.comhttp://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
secalert@redhat.comhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
secalert@redhat.comhttp://osvdb.org/36080
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2008-0630.html
secalert@redhat.comhttp://secunia.com/advisories/26076
secalert@redhat.comhttp://secunia.com/advisories/27037
secalert@redhat.comhttp://secunia.com/advisories/27727
secalert@redhat.comhttp://secunia.com/advisories/29392
secalert@redhat.comhttp://secunia.com/advisories/30802
secalert@redhat.comhttp://secunia.com/advisories/31493
secalert@redhat.comhttp://secunia.com/advisories/33668
secalert@redhat.comhttp://securityreason.com/securityalert/2804
secalert@redhat.comhttp://support.apple.com/kb/HT2163
secalert@redhat.comhttp://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
secalert@redhat.comhttp://tomcat.apache.org/security-4.html
secalert@redhat.comhttp://tomcat.apache.org/security-5.html
secalert@redhat.comhttp://tomcat.apache.org/security-6.htmlPatch
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:241
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2007-0569.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0261.html
secalert@redhat.comhttp://www.securityfocus.com/archive/1/471351/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/500396/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/500412/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/24476
secalert@redhat.comhttp://www.securitytracker.com/id?1018245
secalert@redhat.comhttp://www.vupen.com/english/advisories/2007/2213
secalert@redhat.comhttp://www.vupen.com/english/advisories/2007/3386
secalert@redhat.comhttp://www.vupen.com/english/advisories/2008/1981/references
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/0233
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/34869
secalert@redhat.comhttps://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10578
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:42:33.408Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT2163"
          },
          {
            "name": "RHSA-2008:0630",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
          },
          {
            "name": "ADV-2008-1981",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1981/references"
          },
          {
            "name": "FEDORA-2007-3456",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
          },
          {
            "name": "24476",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24476"
          },
          {
            "name": "31493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31493"
          },
          {
            "name": "20070614 [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471351/100/0/threaded"
          },
          {
            "name": "2804",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2804"
          },
          {
            "name": "RHSA-2007:0569",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0569.html"
          },
          {
            "name": "tomcat-example-xss(34869)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34869"
          },
          {
            "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
          },
          {
            "name": "1018245",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018245"
          },
          {
            "name": "33668",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33668"
          },
          {
            "name": "29392",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29392"
          },
          {
            "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
          },
          {
            "name": "SUSE-SR:2008:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html"
          },
          {
            "name": "APPLE-SA-2008-06-30",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
          },
          {
            "name": "ADV-2009-0233",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0233"
          },
          {
            "name": "SUSE-SR:2009:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "name": "ADV-2007-3386",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3386"
          },
          {
            "name": "30802",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30802"
          },
          {
            "name": "27037",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27037"
          },
          {
            "name": "SSRT071447",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
          },
          {
            "name": "27727",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27727"
          },
          {
            "name": "HPSBUX02262",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "name": "RHSA-2008:0261",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
          },
          {
            "name": "36080",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36080"
          },
          {
            "name": "oval:org.mitre.oval:def:10578",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10578"
          },
          {
            "name": "26076",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26076"
          },
          {
            "name": "ADV-2007-2213",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2213"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
          },
          {
            "name": "MDKSA-2007:241",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the \u0027;\u0027 character, as demonstrated by a URI containing a \"snp/snoop.jsp;\" sequence."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:07:33",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-4.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT2163"
        },
        {
          "name": "RHSA-2008:0630",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
        },
        {
          "name": "ADV-2008-1981",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1981/references"
        },
        {
          "name": "FEDORA-2007-3456",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
        },
        {
          "name": "24476",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24476"
        },
        {
          "name": "31493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31493"
        },
        {
          "name": "20070614 [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/471351/100/0/threaded"
        },
        {
          "name": "2804",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2804"
        },
        {
          "name": "RHSA-2007:0569",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0569.html"
        },
        {
          "name": "tomcat-example-xss(34869)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34869"
        },
        {
          "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
        },
        {
          "name": "1018245",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018245"
        },
        {
          "name": "33668",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33668"
        },
        {
          "name": "29392",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29392"
        },
        {
          "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
        },
        {
          "name": "SUSE-SR:2008:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html"
        },
        {
          "name": "APPLE-SA-2008-06-30",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
        },
        {
          "name": "ADV-2009-0233",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0233"
        },
        {
          "name": "SUSE-SR:2009:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-6.html"
        },
        {
          "name": "ADV-2007-3386",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3386"
        },
        {
          "name": "30802",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30802"
        },
        {
          "name": "27037",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27037"
        },
        {
          "name": "SSRT071447",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
        },
        {
          "name": "27727",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27727"
        },
        {
          "name": "HPSBUX02262",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-5.html"
        },
        {
          "name": "RHSA-2008:0261",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
        },
        {
          "name": "36080",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36080"
        },
        {
          "name": "oval:org.mitre.oval:def:10578",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10578"
        },
        {
          "name": "26076",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26076"
        },
        {
          "name": "ADV-2007-2213",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2213"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
        },
        {
          "name": "MDKSA-2007:241",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2007-2449",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the \u0027;\u0027 character, as demonstrated by a URI containing a \"snp/snoop.jsp;\" sequence."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tomcat.apache.org/security-4.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-4.html"
            },
            {
              "name": "http://support.apple.com/kb/HT2163",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT2163"
            },
            {
              "name": "RHSA-2008:0630",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
            },
            {
              "name": "ADV-2008-1981",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1981/references"
            },
            {
              "name": "FEDORA-2007-3456",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
            },
            {
              "name": "24476",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24476"
            },
            {
              "name": "31493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31493"
            },
            {
              "name": "20070614 [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/471351/100/0/threaded"
            },
            {
              "name": "2804",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2804"
            },
            {
              "name": "RHSA-2007:0569",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0569.html"
            },
            {
              "name": "tomcat-example-xss(34869)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34869"
            },
            {
              "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
            },
            {
              "name": "1018245",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018245"
            },
            {
              "name": "33668",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33668"
            },
            {
              "name": "29392",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29392"
            },
            {
              "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
            },
            {
              "name": "SUSE-SR:2008:007",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html"
            },
            {
              "name": "APPLE-SA-2008-06-30",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
            },
            {
              "name": "ADV-2009-0233",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0233"
            },
            {
              "name": "SUSE-SR:2009:004",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
            },
            {
              "name": "http://tomcat.apache.org/security-6.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-6.html"
            },
            {
              "name": "ADV-2007-3386",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3386"
            },
            {
              "name": "30802",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30802"
            },
            {
              "name": "27037",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27037"
            },
            {
              "name": "SSRT071447",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
            },
            {
              "name": "27727",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27727"
            },
            {
              "name": "HPSBUX02262",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
            },
            {
              "name": "http://tomcat.apache.org/security-5.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-5.html"
            },
            {
              "name": "RHSA-2008:0261",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
            },
            {
              "name": "36080",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36080"
            },
            {
              "name": "oval:org.mitre.oval:def:10578",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10578"
            },
            {
              "name": "26076",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26076"
            },
            {
              "name": "ADV-2007-2213",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2213"
            },
            {
              "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
              "refsource": "CONFIRM",
              "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
            },
            {
              "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
              "refsource": "CONFIRM",
              "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
            },
            {
              "name": "MDKSA-2007:241",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-2449",
    "datePublished": "2007-06-14T23:00:00",
    "dateReserved": "2007-05-02T00:00:00",
    "dateUpdated": "2024-08-07T13:42:33.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2449\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2007-06-14T23:30:00.000\",\"lastModified\":\"2023-11-07T02:00:37.397\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the \u0027;\u0027 character, as demonstrated by a URI containing a \\\"snp/snoop.jsp;\\\" sequence.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en ciertos ficheros JSP en la aplicaci\u00f3n web de ejemplo en el Apache Tomcat 4.0.0 hasta el 4.0.6, 4.1.0  hasta el 4.1.36, 5.0.0 hasta el 5.0.30, 5.5.0 hasta el 5.5.24 y el 6.0.0 hasta el 6.0.13 permiten a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de la porci\u00f3n de URI despu\u00e9s del caracter \u0027;\u0027, como lo demostrado utilizando una URI que conten\u00eda una secuencia \\\"snp/snoop.jsp;\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.1.36\",\"matchCriteriaId\":\"A2F21F74-F36E-477D-9E5A-6EA1D210A408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"914E1404-01A2-4F94-AA40-D5EA20F55AD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81FB1106-B26D-45BE-A511-8E69131BBA52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"401A213A-FED3-49C0-B823-2E02EA528905\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BFE5AD8-DB14-4632-9D2A-F2013579CA7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7641278D-3B8B-4CD2-B284-2047B65514A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB7B9911-E836-4A96-A0E8-D13C957EC0EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13D9B12F-F36A-424E-99BB-E00EF0FCA277\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A8FEEF0-8E57-43B1-8316-228B76E458D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D82F3FAE-91AD-4F0B-A1F7-11C1A97C5ECB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3B2802B-E56C-462A-9601-361A9166B5F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"190FB4FD-22A5-4771-8F99-1E260A36A474\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BD3785E-3A09-4BE4-96C7-619B8A7D5062\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"285F7969-09F6-48CC-89CE-928225A53CDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B9EDACC-0300-4DA7-B1CD-5F7A6029AF38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B387EF0-94AD-4C8E-8CD4-4F5F706481BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA486065-18D5-4425-ADA5-284101919564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0141E20-2E3D-4CD0-A757-D7CA98499CCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E62493D-FEAE-49E8-A293-CE18451D0264\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA01AB58-CAB2-420A-9899-EAB153DD898A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D731AFDD-9C33-4DC8-9BC6-06BB51048752\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01706205-1369-4E5D-8936-723DA980CA9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DC4A52C-6FBC-420A-885A-F72BC1DBAEC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A1C882D-949B-40B9-BC9F-E7FCE4FE7C3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A1451D2-B905-4AD7-9BD7-10CF2A12BA34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C505696B-10E4-4B99-A598-40FA0DA39F7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EB2F3D8-25A1-408E-80D0-59D52A901284\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3904E9A-585A-4005-B2E9-13538535383D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA1934BF-83E3-4B0B-A1DF-391A5332CE39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F06B9809-5BFA-4DB9-8753-1D8319713879\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF6631B0-9F2E-4C5F-AB21-F085A8C1559B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15625451-E56D-405F-BE9B-B3CB1A35E929\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97ADBDC4-B669-467D-9A07-9A2DD8B68374\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DA876C8-4417-4C35-9FEC-278D45CE6E92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03C08A88-9377-4B32-8173-EE2D121B06D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7225A43-8EAE-4DA6-BBDC-4418D5444767\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A46C0933-3B19-40EA-8DED-2BF25AB85C17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB203AEC-2A94-48CA-A0E0-B5A8EBF028B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E98B82A-22E5-4E6C-90AE-56F5780EA147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34672E90-C220-436B-9143-480941227933\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92883AFA-A02F-41A5-9977-ABEAC8AD2970\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"989A78F8-EE92-465F-8A8D-ECF0B58AFE7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F5B6627-B4A4-4E2D-B96C-CA37CCC8C804\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACFB09F3-32D1-479C-8C39-D7329D9A6623\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D56581E2-9ECD-426A-96D8-A9D958900AD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"717F6995-5AF0-484C-90C0-A82F25FD2E32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B0C01D5-773F-469C-9E69-170C2844AAA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB03FDFB-4DBF-4B70-BFA3-570D1DE67695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F5CF79C-759B-4FF9-90EE-847264059E93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"357651FD-392E-4775-BF20-37A23B3ABAE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"585B9476-6B86-4809-9B9E-26112114CB59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6145036D-4FCE-4EBE-A137-BDFA69BA54F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E437055A-0A81-413F-AB08-0E9D0DC9EA30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9276A093-9C98-4617-9941-2276995F5848\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C98575E2-E39A-4A8F-B5B5-BD280B8367BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5878E08E-2741-4798-94E9-BA8E07386B12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69F6BAB7-C099-4345-A632-7287AEA555B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49E3C039-A949-4F1B-892A-57147EECB249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F28C7801-41B9-4552-BA1E-577967BCBBEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25B21085-7259-4685-9D1F-FF98E6489E10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"635EE321-2A1F-4FF8-95BE-0C26591969D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A81B035-8598-4D2C-B45F-C6C9D4B10C2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1096947-82A6-4EA8-A4F2-00D91E3F7DAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C95ADA4-66F5-45C4-A677-ACE22367A75A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"351E5BCF-A56B-4D91-BA3C-21A4B77D529A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DC2BBB4-171E-4EFF-A575-A5B7FF031755\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B6B0504-27C1-4824-A928-A878CBBAB32D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045\"}]}]}],\"references\":[{\"url\":\"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://osvdb.org/36080\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2008-0630.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/26076\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/27037\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/27727\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/29392\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/30802\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/31493\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/33668\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securityreason.com/securityalert/2804\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.apple.com/kb/HT2163\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://tomcat.apache.org/security-4.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://tomcat.apache.org/security-5.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:241\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0569.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0261.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/471351/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/500396/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/500412/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/24476\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id?1018245\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2213\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3386\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1981/references\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0233\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34869\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10578\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html\",\"source\":\"secalert@redhat.com\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.