jvndb-2007-000457
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-07-11 13:48
Severity ?
() - -
Summary
Apache Tomcat cross-site scripting vulnerability
Details
Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability. Apache Tomcat, provided by the Apache Software Foundation, is an implementation of Java Servlets and JavaServer Pages technologies. Apache Tomcat Web Application Manager contains a cross-site scripting vulnerability.
References
JVN http://jvn.jp/en/jp/JVN07100457/index.html
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450
NVD http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2450
SECUNIA http://secunia.com/advisories/25678/
BID http://www.securityfocus.com/bid/24475
XF http://xforce.iss.net/xforce/xfdb/34868
SECTRACK http://www.securitytracker.com/id?1018245
FRSIRT http://www.frsirt.com/english/advisories/2007/2213
Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
Apache Software FoundationApache Tomcat
Apple Inc.Apple Mac OS X
Apple Inc.Apple Mac OS X Server
Hewlett-Packard Development Company,L.PHP-UX
Cybertrust Japan Co., Ltd.Asianux Server
Red Hat, Inc.Red Hat Enterprise Linux
Red Hat, Inc.Red Hat Enterprise Linux Desktop
Red Hat, Inc.RHEL Desktop Workstation
Sun Microsystems, Inc.Sun Solaris
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000457.html",
  "dc:date": "2008-07-11T13:48+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-07-11T13:48+09:00",
  "description": "Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability.\r\n\r\nApache Tomcat, provided by the Apache Software Foundation, is an implementation of Java Servlets and JavaServer Pages technologies.\r\nApache Tomcat Web Application Manager contains a cross-site scripting vulnerability.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000457.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:tomcat",
      "@product": "Apache Tomcat",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x",
      "@product": "Apple Mac OS X",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x_server",
      "@product": "Apple Mac OS X Server",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:hp:hp-ux",
      "@product": "HP-UX",
      "@vendor": "Hewlett-Packard Development Company,L.P",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:rhel_desktop_workstation",
      "@product": "RHEL Desktop Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:solaris",
      "@product": "Sun Solaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000457",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN07100457/index.html",
      "@id": "JVN#07100457",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450",
      "@id": "CVE-2007-2450",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2450",
      "@id": "CVE-2007-2450",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/25678/",
      "@id": "SA25678",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/24475",
      "@id": "24475",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/34868",
      "@id": "34868",
      "@source": "XF"
    },
    {
      "#text": "http://www.securitytracker.com/id?1018245",
      "@id": "1018245",
      "@source": "SECTRACK"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/2213",
      "@id": "FrSIRT/ADV-2007-2213",
      "@source": "FRSIRT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Apache Tomcat cross-site scripting vulnerability"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.