CVE-2007-2449

Aliases:GHSA-hc39-rjwp-qffq

Advisory lineage Upstream: 0 Downstream: 5

Downstream

RHSA-2007:0569 RHSA-2007:0876 RHSA-2008:0261 RHSA-2008:0524 RHSA-2008:0630

Modified

Published: 14 Jun 2007, 23:00

Last modified:07 Aug 2024, 13:42

Vulnerability Summary

Overall Risk (default)

medium

38/100

CVSS Score

4.3 MEDIUM

v2.0 (nvd)

EPSS Score

52.14% CRITICAL

52% probability +4.42%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

14 Jun 2007, 23:00

Published

Vulnerability first disclosed

07 Aug 2024, 13:42

Last Modified

Vulnerability information updated

Description

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

CVSS Metrics

v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 52.14%• Percentile: 98%

Affected Systems

Unknown•Tomcat
≤ 4.1.36 | 4.0.0 | 4.0.1 | 4.0.2 | 4.0.3 | 4.0.4 | 4.0.5 | 5.0.0 | 5.0.1 | 5.0.2 | 5.0.3 | 5.0.4 | 5.0.5 | 5.0.6 | 5.0.7 | 5.0.8 | 5.0.9 | 5.0.10 | 5.0.11 | 5.0.12 | 5.0.13 | 5.0.14 | 5.0.15 | 5.0.16 | 5.0.17 | 5.0.18 | 5.0.19 | 5.0.21 | 5.0.22 | 5.0.23 | 5.0.24 | 5.0.25 | 5.0.26 | 5.0.27 | 5.0.28 | 5.0.29 | 5.0.30 | 5.5.0 | 5.5.1 | 5.5.2 | 5.5.3 | 5.5.4 | 5.5.5 | 5.5.6 | 5.5.7 | 5.5.8 | 5.5.9 | 5.5.10 | 5.5.11 | 5.5.12 | 5.5.13 | 5.5.14 | 5.5.15 | 5.5.16 | 5.5.17 | 5.5.18 | 5.5.19 | 5.5.20 | 5.5.21 | 5.5.22 | 6.0.0 | 6.0.1 | 6.0.2 | 6.0.3 | 6.0.4 | 6.0.5 | 6.0.6 | 6.0.7 | 6.0.8 | 6.0.10 | 6.0.11 | 6.0.12 | 6.0.13
org.apache.tomcat•tomcat
≥ 4.0.0, ≤ 4.0.6 | ≥ 5.0.0, ≤ 5.0.30 | ≥ 5.5.0, ≤ 5.5.24 | ≥ 6.0.0, ≤ 6.0.13