github - ghsa-g77g-vjjm-x83j

ghsa-g77g-vjjm-x83j

Vulnerability from github

Published

2022-05-01 18:26

Modified

2023-09-22 21:06

Summary

Apache Tomcat Example Application CSRF and XSS Vulnerabilities

Details

Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "4.1.31"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2007-4724"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-22T21:06:56Z",
    "nvd_published_at": "2007-09-05T19:17:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.",
  "id": "GHSA-g77g-vjjm-x83j",
  "modified": "2023-09-22T21:06:56Z",
  "published": "2022-05-01T18:26:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4724"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20070911063436/http://securityreason.com/securityalert/3094"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20081006123851/http://archives.neohapsis.com/archives/bugtraq/2007-09/0040.html"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200526022330/http://www.securityfocus.com/archive/1/478491/100/0/threaded"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Apache Tomcat Example Application CSRF and XSS Vulnerabilities"
}

cve-2007-4724

Vulnerability from cvelistv5

Published

2007-09-05 19:00

Modified

2024-08-07 15:08

Severity

Summary

Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.

References

URL	Tags
http://archives.neohapsis.com/archives/bugtraq/2007-09/0040.html	mailing-list, x_refsource_BUGTRAQ
http://securityreason.com/securityalert/3094	third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/archive/1/478491/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://osvdb.org/41029	vdb-entry, x_refsource_OSVDB

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:08:33.318Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070904 Re: Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2007-09/0040.html"
          },
          {
            "name": "3094",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3094"
          },
          {
            "name": "20070904 Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/478491/100/0/threaded"
          },
          {
            "name": "41029",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/41029"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070904 Re: Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2007-09/0040.html"
        },
        {
          "name": "3094",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3094"
        },
        {
          "name": "20070904 Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/478491/100/0/threaded"
        },
        {
          "name": "41029",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/41029"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4724",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070904 Re: Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2007-09/0040.html"
            },
            {
              "name": "3094",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3094"
            },
            {
              "name": "20070904 Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/478491/100/0/threaded"
            },
            {
              "name": "41029",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/41029"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4724",
    "datePublished": "2007-09-05T19:00:00",
    "dateReserved": "2007-09-05T00:00:00",
    "dateUpdated": "2024-08-07T15:08:33.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.