FKIE_CVE-2007-2449

Vulnerability from fkie_nvd - Published: 2007-06-14 23:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
References
secalert@redhat.comhttp://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
secalert@redhat.comhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
secalert@redhat.comhttp://osvdb.org/36080
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2008-0630.html
secalert@redhat.comhttp://secunia.com/advisories/26076
secalert@redhat.comhttp://secunia.com/advisories/27037
secalert@redhat.comhttp://secunia.com/advisories/27727
secalert@redhat.comhttp://secunia.com/advisories/29392
secalert@redhat.comhttp://secunia.com/advisories/30802
secalert@redhat.comhttp://secunia.com/advisories/31493
secalert@redhat.comhttp://secunia.com/advisories/33668
secalert@redhat.comhttp://securityreason.com/securityalert/2804
secalert@redhat.comhttp://support.apple.com/kb/HT2163
secalert@redhat.comhttp://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
secalert@redhat.comhttp://tomcat.apache.org/security-4.html
secalert@redhat.comhttp://tomcat.apache.org/security-5.html
secalert@redhat.comhttp://tomcat.apache.org/security-6.htmlPatch
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:241
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2007-0569.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0261.html
secalert@redhat.comhttp://www.securityfocus.com/archive/1/471351/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/500396/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/500412/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/24476
secalert@redhat.comhttp://www.securitytracker.com/id?1018245
secalert@redhat.comhttp://www.vupen.com/english/advisories/2007/2213
secalert@redhat.comhttp://www.vupen.com/english/advisories/2007/3386
secalert@redhat.comhttp://www.vupen.com/english/advisories/2008/1981/references
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/0233
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/34869
secalert@redhat.comhttps://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10578
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
af854a3a-2127-422b-91ae-364da2661108http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/36080
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2008-0630.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26076
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27037
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27727
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29392
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30802
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31493
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33668
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/2804
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT2163
af854a3a-2127-422b-91ae-364da2661108http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
af854a3a-2127-422b-91ae-364da2661108http://tomcat.apache.org/security-4.html
af854a3a-2127-422b-91ae-364da2661108http://tomcat.apache.org/security-5.html
af854a3a-2127-422b-91ae-364da2661108http://tomcat.apache.org/security-6.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0569.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0261.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/471351/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/500396/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/500412/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24476
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018245
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2213
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3386
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1981/references
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0233
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/34869
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10578
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
Impacted products
Vendor Product Version
apache tomcat *
apache tomcat 4.0.0
apache tomcat 4.0.1
apache tomcat 4.0.2
apache tomcat 4.0.3
apache tomcat 4.0.4
apache tomcat 4.0.5
apache tomcat 5.0.0
apache tomcat 5.0.1
apache tomcat 5.0.2
apache tomcat 5.0.3
apache tomcat 5.0.4
apache tomcat 5.0.5
apache tomcat 5.0.6
apache tomcat 5.0.7
apache tomcat 5.0.8
apache tomcat 5.0.9
apache tomcat 5.0.10
apache tomcat 5.0.11
apache tomcat 5.0.12
apache tomcat 5.0.13
apache tomcat 5.0.14
apache tomcat 5.0.15
apache tomcat 5.0.16
apache tomcat 5.0.17
apache tomcat 5.0.18
apache tomcat 5.0.19
apache tomcat 5.0.21
apache tomcat 5.0.22
apache tomcat 5.0.23
apache tomcat 5.0.24
apache tomcat 5.0.25
apache tomcat 5.0.26
apache tomcat 5.0.27
apache tomcat 5.0.28
apache tomcat 5.0.29
apache tomcat 5.0.30
apache tomcat 5.5.0
apache tomcat 5.5.1
apache tomcat 5.5.2
apache tomcat 5.5.3
apache tomcat 5.5.4
apache tomcat 5.5.5
apache tomcat 5.5.6
apache tomcat 5.5.7
apache tomcat 5.5.8
apache tomcat 5.5.9
apache tomcat 5.5.10
apache tomcat 5.5.11
apache tomcat 5.5.12
apache tomcat 5.5.13
apache tomcat 5.5.14
apache tomcat 5.5.15
apache tomcat 5.5.16
apache tomcat 5.5.17
apache tomcat 5.5.18
apache tomcat 5.5.19
apache tomcat 5.5.20
apache tomcat 5.5.21
apache tomcat 5.5.22
apache tomcat 6.0.0
apache tomcat 6.0.1
apache tomcat 6.0.2
apache tomcat 6.0.3
apache tomcat 6.0.4
apache tomcat 6.0.5
apache tomcat 6.0.6
apache tomcat 6.0.7
apache tomcat 6.0.8
apache tomcat 6.0.10
apache tomcat 6.0.11
apache tomcat 6.0.12
apache tomcat 6.0.13
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2F21F74-F36E-477D-9E5A-6EA1D210A408",
              "versionEndIncluding": "4.1.36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "914E1404-01A2-4F94-AA40-D5EA20F55AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81FB1106-B26D-45BE-A511-8E69131BBA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "401A213A-FED3-49C0-B823-2E02EA528905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BFE5AD8-DB14-4632-9D2A-F2013579CA7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7641278D-3B8B-4CD2-B284-2047B65514A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB7B9911-E836-4A96-A0E8-D13C957EC0EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13D9B12F-F36A-424E-99BB-E00EF0FCA277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A8FEEF0-8E57-43B1-8316-228B76E458D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D82F3FAE-91AD-4F0B-A1F7-11C1A97C5ECB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3B2802B-E56C-462A-9601-361A9166B5F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "190FB4FD-22A5-4771-8F99-1E260A36A474",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BD3785E-3A09-4BE4-96C7-619B8A7D5062",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "285F7969-09F6-48CC-89CE-928225A53CDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B9EDACC-0300-4DA7-B1CD-5F7A6029AF38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B387EF0-94AD-4C8E-8CD4-4F5F706481BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA486065-18D5-4425-ADA5-284101919564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0141E20-2E3D-4CD0-A757-D7CA98499CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E62493D-FEAE-49E8-A293-CE18451D0264",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA01AB58-CAB2-420A-9899-EAB153DD898A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "D731AFDD-9C33-4DC8-9BC6-06BB51048752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "01706205-1369-4E5D-8936-723DA980CA9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DC4A52C-6FBC-420A-885A-F72BC1DBAEC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A1C882D-949B-40B9-BC9F-E7FCE4FE7C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A1451D2-B905-4AD7-9BD7-10CF2A12BA34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "C505696B-10E4-4B99-A598-40FA0DA39F7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EB2F3D8-25A1-408E-80D0-59D52A901284",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3904E9A-585A-4005-B2E9-13538535383D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1934BF-83E3-4B0B-A1DF-391A5332CE39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "F06B9809-5BFA-4DB9-8753-1D8319713879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF6631B0-9F2E-4C5F-AB21-F085A8C1559B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "15625451-E56D-405F-BE9B-B3CB1A35E929",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "97ADBDC4-B669-467D-9A07-9A2DD8B68374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DA876C8-4417-4C35-9FEC-278D45CE6E92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "03C08A88-9377-4B32-8173-EE2D121B06D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7225A43-8EAE-4DA6-BBDC-4418D5444767",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "A46C0933-3B19-40EA-8DED-2BF25AB85C17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB203AEC-2A94-48CA-A0E0-B5A8EBF028B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E98B82A-22E5-4E6C-90AE-56F5780EA147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "34672E90-C220-436B-9143-480941227933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "92883AFA-A02F-41A5-9977-ABEAC8AD2970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "989A78F8-EE92-465F-8A8D-ECF0B58AFE7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F5B6627-B4A4-4E2D-B96C-CA37CCC8C804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFB09F3-32D1-479C-8C39-D7329D9A6623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56581E2-9ECD-426A-96D8-A9D958900AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "717F6995-5AF0-484C-90C0-A82F25FD2E32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0C01D5-773F-469C-9E69-170C2844AAA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB03FDFB-4DBF-4B70-BFA3-570D1DE67695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F5CF79C-759B-4FF9-90EE-847264059E93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "357651FD-392E-4775-BF20-37A23B3ABAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "585B9476-6B86-4809-9B9E-26112114CB59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6145036D-4FCE-4EBE-A137-BDFA69BA54F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E437055A-0A81-413F-AB08-0E9D0DC9EA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "9276A093-9C98-4617-9941-2276995F5848",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98575E2-E39A-4A8F-B5B5-BD280B8367BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "5878E08E-2741-4798-94E9-BA8E07386B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "69F6BAB7-C099-4345-A632-7287AEA555B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E3C039-A949-4F1B-892A-57147EECB249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28C7801-41B9-4552-BA1E-577967BCBBEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25B21085-7259-4685-9D1F-FF98E6489E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "635EE321-2A1F-4FF8-95BE-0C26591969D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A81B035-8598-4D2C-B45F-C6C9D4B10C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1096947-82A6-4EA8-A4F2-00D91E3F7DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C95ADA4-66F5-45C4-A677-ACE22367A75A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "351E5BCF-A56B-4D91-BA3C-21A4B77D529A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DC2BBB4-171E-4EFF-A575-A5B7FF031755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B6B0504-27C1-4824-A928-A878CBBAB32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the \u0027;\u0027 character, as demonstrated by a URI containing a \"snp/snoop.jsp;\" sequence."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en ciertos ficheros JSP en la aplicaci\u00f3n web de ejemplo en el Apache Tomcat 4.0.0 hasta el 4.0.6, 4.1.0  hasta el 4.1.36, 5.0.0 hasta el 5.0.30, 5.5.0 hasta el 5.5.24 y el 6.0.0 hasta el 6.0.13 permiten a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de la porci\u00f3n de URI despu\u00e9s del caracter \u0027;\u0027, como lo demostrado utilizando una URI que conten\u00eda una secuencia \"snp/snoop.jsp;\"."
    }
  ],
  "id": "CVE-2007-2449",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-06-14T23:30:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/36080"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/26076"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/27037"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/27727"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29392"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30802"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31493"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/33668"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityreason.com/securityalert/2804"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0569.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/471351/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/24476"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1018245"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/2213"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/3386"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/1981/references"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/0233"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34869"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10578"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/36080"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0569.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/471351/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24476"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1981/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.