ID CVE-2007-2449
Summary Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 4.0.0
    cpe:2.3:a:apache:tomcat:4.0.0
  • Apache Software Foundation Tomcat 4.0.1
    cpe:2.3:a:apache:tomcat:4.0.1
  • Apache Software Foundation Tomcat 4.0.2
    cpe:2.3:a:apache:tomcat:4.0.2
  • Apache Software Foundation Tomcat 4.0.3
    cpe:2.3:a:apache:tomcat:4.0.3
  • Apache Software Foundation Tomcat 4.0.4
    cpe:2.3:a:apache:tomcat:4.0.4
  • Apache Software Foundation Tomcat 4.0.5
    cpe:2.3:a:apache:tomcat:4.0.5
  • Apache Software Foundation Tomcat 4.1.36
    cpe:2.3:a:apache:tomcat:4.1.36
  • Apache Software Foundation Tomcat 5.0.0
    cpe:2.3:a:apache:tomcat:5.0.0
  • Apache Software Foundation Tomcat 5.0.1
    cpe:2.3:a:apache:tomcat:5.0.1
  • Apache Software Foundation Tomcat 5.0.2
    cpe:2.3:a:apache:tomcat:5.0.2
  • Apache Software Foundation Tomcat 5.0.3
    cpe:2.3:a:apache:tomcat:5.0.3
  • Apache Software Foundation Tomcat 5.0.4
    cpe:2.3:a:apache:tomcat:5.0.4
  • Apache Software Foundation Tomcat 5.0.5
    cpe:2.3:a:apache:tomcat:5.0.5
  • Apache Software Foundation Tomcat 5.0.6
    cpe:2.3:a:apache:tomcat:5.0.6
  • Apache Software Foundation Tomcat 5.0.7
    cpe:2.3:a:apache:tomcat:5.0.7
  • Apache Software Foundation Tomcat 5.0.8
    cpe:2.3:a:apache:tomcat:5.0.8
  • Apache Software Foundation Tomcat 5.0.9
    cpe:2.3:a:apache:tomcat:5.0.9
  • Apache Software Foundation Tomcat 5.0.10
    cpe:2.3:a:apache:tomcat:5.0.10
  • Apache Software Foundation Tomcat 5.0.11
    cpe:2.3:a:apache:tomcat:5.0.11
  • Apache Software Foundation Tomcat 5.0.12
    cpe:2.3:a:apache:tomcat:5.0.12
  • Apache Software Foundation Tomcat 5.0.13
    cpe:2.3:a:apache:tomcat:5.0.13
  • Apache Software Foundation Tomcat 5.0.14
    cpe:2.3:a:apache:tomcat:5.0.14
  • Apache Software Foundation Tomcat 5.0.15
    cpe:2.3:a:apache:tomcat:5.0.15
  • Apache Software Foundation Tomcat 5.0.16
    cpe:2.3:a:apache:tomcat:5.0.16
  • Apache Software Foundation Tomcat 5.0.17
    cpe:2.3:a:apache:tomcat:5.0.17
  • Apache Software Foundation Tomcat 5.0.18
    cpe:2.3:a:apache:tomcat:5.0.18
  • Apache Software Foundation Tomcat 5.0.19
    cpe:2.3:a:apache:tomcat:5.0.19
  • Apache Software Foundation Tomcat 5.0.21
    cpe:2.3:a:apache:tomcat:5.0.21
  • Apache Software Foundation Tomcat 5.0.22
    cpe:2.3:a:apache:tomcat:5.0.22
  • Apache Software Foundation Tomcat 5.0.23
    cpe:2.3:a:apache:tomcat:5.0.23
  • Apache Software Foundation Tomcat 5.0.24
    cpe:2.3:a:apache:tomcat:5.0.24
  • Apache Software Foundation Tomcat 5.0.25
    cpe:2.3:a:apache:tomcat:5.0.25
  • Apache Software Foundation Tomcat 5.0.26
    cpe:2.3:a:apache:tomcat:5.0.26
  • Apache Software Foundation Tomcat 5.0.27
    cpe:2.3:a:apache:tomcat:5.0.27
  • Apache Software Foundation Tomcat 5.0.28
    cpe:2.3:a:apache:tomcat:5.0.28
  • Apache Software Foundation Tomcat 5.0.29
    cpe:2.3:a:apache:tomcat:5.0.29
  • Apache Software Foundation Tomcat 5.0.30
    cpe:2.3:a:apache:tomcat:5.0.30
  • Apache Software Foundation Tomcat 5.5.0
    cpe:2.3:a:apache:tomcat:5.5.0
  • Apache Software Foundation Tomcat 5.5.1
    cpe:2.3:a:apache:tomcat:5.5.1
  • Apache Software Foundation Tomcat 5.5.2
    cpe:2.3:a:apache:tomcat:5.5.2
  • Apache Software Foundation Tomcat 5.5.3
    cpe:2.3:a:apache:tomcat:5.5.3
  • Apache Software Foundation Tomcat 5.5.4
    cpe:2.3:a:apache:tomcat:5.5.4
  • Apache Software Foundation Tomcat 5.5.5
    cpe:2.3:a:apache:tomcat:5.5.5
  • Apache Software Foundation Tomcat 5.5.6
    cpe:2.3:a:apache:tomcat:5.5.6
  • Apache Software Foundation Tomcat 5.5.7
    cpe:2.3:a:apache:tomcat:5.5.7
  • Apache Software Foundation Tomcat 5.5.8
    cpe:2.3:a:apache:tomcat:5.5.8
  • Apache Software Foundation Tomcat 5.5.9
    cpe:2.3:a:apache:tomcat:5.5.9
  • Apache Software Foundation Tomcat 5.5.10
    cpe:2.3:a:apache:tomcat:5.5.10
  • Apache Software Foundation Tomcat 5.5.11
    cpe:2.3:a:apache:tomcat:5.5.11
  • Apache Software Foundation Tomcat 5.5.12
    cpe:2.3:a:apache:tomcat:5.5.12
  • Apache Software Foundation Tomcat 5.5.13
    cpe:2.3:a:apache:tomcat:5.5.13
  • Apache Software Foundation Tomcat 5.5.14
    cpe:2.3:a:apache:tomcat:5.5.14
  • Apache Software Foundation Tomcat 5.5.15
    cpe:2.3:a:apache:tomcat:5.5.15
  • Apache Software Foundation Tomcat 5.5.16
    cpe:2.3:a:apache:tomcat:5.5.16
  • Apache Software Foundation Tomcat 5.5.17
    cpe:2.3:a:apache:tomcat:5.5.17
  • Apache Software Foundation Tomcat 5.5.18
    cpe:2.3:a:apache:tomcat:5.5.18
  • Apache Software Foundation Tomcat 5.5.19
    cpe:2.3:a:apache:tomcat:5.5.19
  • Apache Software Foundation Tomcat 5.5.20
    cpe:2.3:a:apache:tomcat:5.5.20
  • Apache Software Foundation Tomcat 5.5.21
    cpe:2.3:a:apache:tomcat:5.5.21
  • Apache Software Foundation Tomcat 5.5.22
    cpe:2.3:a:apache:tomcat:5.5.22
  • Apache Software Foundation Tomcat 6.0.0
    cpe:2.3:a:apache:tomcat:6.0.0
  • Apache Software Foundation Tomcat 6.0.1
    cpe:2.3:a:apache:tomcat:6.0.1
  • Apache Software Foundation Tomcat 6.0.2
    cpe:2.3:a:apache:tomcat:6.0.2
  • Apache Software Foundation Tomcat 6.0.3
    cpe:2.3:a:apache:tomcat:6.0.3
  • Apache Software Foundation Tomcat 6.0.4
    cpe:2.3:a:apache:tomcat:6.0.4
  • Apache Software Foundation Tomcat 6.0.5
    cpe:2.3:a:apache:tomcat:6.0.5
  • Apache Software Foundation Tomcat 6.0.6
    cpe:2.3:a:apache:tomcat:6.0.6
  • Apache Software Foundation Tomcat 6.0.7
    cpe:2.3:a:apache:tomcat:6.0.7
  • Apache Software Foundation Tomcat 6.0.8
    cpe:2.3:a:apache:tomcat:6.0.8
  • Apache Software Foundation Tomcat 6.0.10
    cpe:2.3:a:apache:tomcat:6.0.10
  • Apache Software Foundation Tomcat 6.0.11
    cpe:2.3:a:apache:tomcat:6.0.11
  • Apache Software Foundation Tomcat 6.0.12
    cpe:2.3:a:apache:tomcat:6.0.12
  • Apache Software Foundation Tomcat 6.0.13
    cpe:2.3:a:apache:tomcat:6.0.13
CVSS
Base: 4.3 (as of 15-06-2007 - 16:20)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
exploit-db via4
description Apache Tomcat 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability. CVE-2007-2449. Webapps exploit for jsp platform
id EDB-ID:30189
last seen 2016-02-03
modified 2007-06-14
published 2007-06-14
reporter anonymous
source https://www.exploit-db.com/download/30189/
title Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross-Site Scripting Vulnerability
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-004.NASL
    description The remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-004 applied. This update contains security fixes for a number of programs.
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 33282
    published 2008-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33282
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-004)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0630.NASL
    description Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. During an internal security audit, it was discovered that Red Hat Network Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a single hard-coded authentication key. A remote attacker who is able to connect to the Satellite Server XML-RPC service could use this flaw to obtain limited information about Satellite Server users, such as login names, associated email addresses, internal user IDs, and partial information about entitlements. (CVE-2008-2369) This release also corrects several security vulnerabilities in various components shipped as part of Red Hat Network Satellite Server 5.1. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838, CVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461, CVE-2008-0128) Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to 5.1.1, which resolves these issues.
    last seen 2019-01-16
    modified 2018-11-27
    plugin id 43840
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43840
    title RHEL 4 : Satellite Server (RHSA-2008:0630)
  • NASL family CGI abuses : XSS
    NASL id TOMCAT_SNOOP_URI_XSS.NASL
    description The remote Apache Tomcat web server includes an example JSP application, 'snoop.jsp', that fails to sanitize user-supplied input before using it to generate dynamic content. An unauthenticated, remote attacker can exploit this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 25525
    published 2007-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25525
    title Apache Tomcat snoop.jsp URI XSS
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0569.NASL
    description From Red Hat Security Advisory 2007:0569 : Updated tomcat packages that fix two security issues and a packaging bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages (JSP) technologies. Some JSPs within the 'examples' web application did not escape user provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks (CVE-2007-2449). Note: it is recommended the 'examples' web application not be installed on a production system. The Manager and Host Manager web applications did not escape user provided data. If a user is logged in to the Manager or Host Manager web application, an attacker could perform a cross-site scripting attack (CVE-2007-2450). Users of Tomcat should update to these erratum packages, which contain backported patches to correct these issues.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 67536
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67536
    title Oracle Linux 5 : tomcat (ELSA-2007-0569)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-3456.NASL
    description Updated Tomcat5 packages that fix several security bugs are now available for Fedora Core 7. This update includes fixes to the following : - CVE-2007-1355 - CVE-2007-3386 - CVE-2007-3385 - CVE-2007-3382 - CVE-2007-2450 - CVE-2007-2449 - CVE-2007-5461 - CVE-2007-1358 All users of tomcat are advised to update to these packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2016-12-08
    plugin id 28257
    published 2007-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28257
    title Fedora 7 : tomcat5-5.5.25-1jpp.1.fc7 (2007-3456)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_5_4.NASL
    description The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.4. Mac OS X 10.5.4 contains security fixes for multiple components.
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 33281
    published 2008-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33281
    title Mac OS X 10.5.x < 10.5.4 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_TOMCAT5-5071.NASL
    description This update of tomcat fixes cross-site-scripting bugs (CVE-2007-2449) as well as it improves the list of supported SSL ciphers (CVE-2007-1858).
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 31675
    published 2008-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31675
    title openSUSE 10 Security Update : tomcat5 (tomcat5-5071)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_TOMCAT5-5070.NASL
    description This update of tomcat fixes cross-site scripting bugs (CVE-2007-2449) as well as it improves the list of supported SSL ciphers. (CVE-2007-1858)
    last seen 2019-01-16
    modified 2012-05-17
    plugin id 31674
    published 2008-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31674
    title SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5070)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0569.NASL
    description Updated tomcat packages that fix two security issues and a packaging bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages (JSP) technologies. Some JSPs within the 'examples' web application did not escape user provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks (CVE-2007-2449). Note: it is recommended the 'examples' web application not be installed on a production system. The Manager and Host Manager web applications did not escape user provided data. If a user is logged in to the Manager or Host Manager web application, an attacker could perform a cross-site scripting attack (CVE-2007-2450). Users of Tomcat should update to these erratum packages, which contain backported patches to correct these issues.
    last seen 2019-01-16
    modified 2018-11-16
    plugin id 25724
    published 2007-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25724
    title RHEL 5 : tomcat (RHSA-2007:0569)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_WEBSPHERE-AS_CE-5850.NASL
    description Websphere has been updated to version 2.1.0.1 to fix several security vulnerabilities in the included subprojects, such as Apache Geronimo and Tomcat. (CVE-2007-0184 / CVE-2007-0185 / CVE-2007-2377 / CVE-2007-2449 / CVE-2007-2450 / CVE-2007-3382 / CVE-2007-3385 / CVE-2007-3386 / CVE-2007-5333 / CVE-2007-5342 / CVE-2007-5461 / CVE-2007-5613 / CVE-2007-5615 / CVE-2007-6286 / CVE-2008-0002 / CVE-2008-1232 / CVE-2008-1947 / CVE-2008-2370 / CVE-2008-2938)
    last seen 2019-01-16
    modified 2016-12-22
    plugin id 41596
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41596
    title SuSE 10 Security Update : Websphere Community Edition (ZYPP Patch Number 5850)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070717_TOMCAT_ON_SL5_X.NASL
    description Some JSPs within the 'examples' web application did not escape user provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks (CVE-2007-2449). Note: it is recommended the 'examples' web application not be installed on a production system. The Manager and Host Manager web applications did not escape user provided data. If a user is logged in to the Manager or Host Manager web application, an attacker could perform a cross-site scripting attack (CVE-2007-2450). Tomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. (CVE-2005-2090) Tomcat permitted various characters as path delimiters. If Tomcat was used behind certain proxies and configured to only proxy some contexts, an attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content. (CVE-2007-0450) The implict-objects.jsp file distributed in the examples webapp displayed a number of unfiltered header values. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks. (CVE-2006-7195)
    last seen 2019-01-16
    modified 2019-01-07
    plugin id 60227
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60227
    title Scientific Linux Security Update : tomcat on SL5.x i386/x86_64
  • NASL family Web Servers
    NASL id TOMCAT_4_1_37.NASL
    description According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.37. It is, therefore, affected by the following vulnerabilities : - The remote Apache Tomcat install may be vulnerable to an information disclosure attack if the deprecated AJP connector processes a client request having a non-zero Content-Length and the client disconnects before sending the request body. (CVE-2005-3164) - The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the JSP and Servlet examples are enabled. Several of these examples do not properly validate user input. (CVE-2007-1355, CVE-2007-2449) - The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the Manager web application is enabled as it fails to escape input data. (CVE-2007-2450) - The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. Apache Tomcat treats the single quote character in a cookie as a delimiter which can lead to information, such as session ID, to be disclosed. (CVE-2007-3382) - The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the SendMailServlet is enabled. The SendMailServlet is a part of the examples web application and, when reporting error messages, fails to escape user provided data. (CVE-2007-3383) - The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. The previous fix for CVE-2007-3385 was incomplete and did not account for the use of quotes or '%5C' in cookie values. (CVE-2007-3385, CVE-2007-5333) - The remote Apache Tomcat install may be vulnerable to an information disclosure attack via the WebDAV servlet. Certain WebDAV requests, containing an entity with a SYSTEM tag, can result in the disclosure of arbitrary file contents. (CVE-2007-5461) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number..
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 47030
    published 2010-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47030
    title Apache Tomcat 4.x < 4.1.37 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_TOMCAT55-5069.NASL
    description This update of tomcat fixes cross-site-scripting bugs (CVE-2007-2449) as well as it improves the list of supported SSL ciphers (CVE-2007-1858).
    last seen 2019-01-16
    modified 2014-06-13
    plugin id 31698
    published 2008-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31698
    title openSUSE 10 Security Update : tomcat55 (tomcat55-5069)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-241.NASL
    description A number of vulnerabilities were found in Tomcat : A directory traversal vulnerability, when using certain proxy modules, allows a remote attacker to read arbitrary files via a .. (dot dot) sequence with various slash, backslash, or url-encoded backslash characters (CVE-2007-0450; affects Mandriva Linux 2007.1 only). Multiple cross-site scripting vulnerabilities in certain JSP files allow remote attackers to inject arbitrary web script or HTML (CVE-2007-2449). Multiple cross-site scripting vulnerabilities in the Manager and Host Manager web applications allow remote authenticated users to inject arbitrary web script or HTML (CVE-2007-2450). Tomcat treated single quotes as delimiters in cookies, which could cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks (CVE-2007-3382). Tomcat did not properly handle the ' character sequence in a cookie value, which could cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks (CVE-2007-3385). A cross-site scripting vulnerability in the Host Manager servlet allowed remote attackers to inject arbitrary HTML and web script via crafted attacks (CVE-2007-3386). Finally, an absolute path traversal vulnerability, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag (CVE-2007-5461). The updated packages have been patched to correct these issues.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 38147
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38147
    title Mandrake Linux Security Advisory : tomcat5 (MDKSA-2007:241)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0569.NASL
    description Updated tomcat packages that fix two security issues and a packaging bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages (JSP) technologies. Some JSPs within the 'examples' web application did not escape user provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks (CVE-2007-2449). Note: it is recommended the 'examples' web application not be installed on a production system. The Manager and Host Manager web applications did not escape user provided data. If a user is logged in to the Manager or Host Manager web application, an attacker could perform a cross-site scripting attack (CVE-2007-2450). Users of Tomcat should update to these erratum packages, which contain backported patches to correct these issues.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 25777
    published 2007-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25777
    title CentOS 5 : tomcat (CESA-2007:0569)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0524.NASL
    description Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen 2019-01-16
    modified 2018-11-27
    plugin id 43837
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43837
    title RHEL 3 / 4 : Satellite Server (RHSA-2008:0524)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12116.NASL
    description This update of Tomcat fixes cross-site scripting bugs (CVE-2007-2449) as well as it improves the list of supported SSL ciphers. (CVE-2007-1858)
    last seen 2019-01-16
    modified 2012-04-23
    plugin id 41202
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41202
    title SuSE9 Security Update : Tomcat (YOU Patch Number 12116)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-3474.NASL
    description Updated Tomcat5 packages that fix several security bugs are now available for Fedora Core 8. This update includes fixes to the following : - CVE-2007-1355 - CVE-2007-3386 - CVE-2007-3385 - CVE-2007-3382 - CVE-2007-2450 - CVE-2007-2449 - CVE-2007-5461 - CVE-2007-1358 All users of tomcat are advised to update to these packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2016-12-08
    plugin id 28258
    published 2007-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28258
    title Fedora 8 : tomcat5-5.5.25-1jpp.1.fc8 (2007-3474)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0261.NASL
    description Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal security review, a cross-site scripting flaw was found that affected the Red Hat Network channel search feature. (CVE-2007-5961) This release also corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Two arbitrary code execution flaws were fixed in the OpenMotif package. (CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen 2019-01-16
    modified 2018-11-27
    plugin id 43835
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43835
    title RHEL 4 : Satellite Server (RHSA-2008:0261)
  • NASL family Web Servers
    NASL id TOMCAT_5_5_25.NASL
    description According to its self-reported version number, the instance Apache Tomcat running on the remote host is 5.0.x equal to or prior to 5.0.30 or 5.5.x prior to 5.5.25. It is, therefore, affected by multiple vulnerabilities : - An error exists in several JSP example files that allows script injection via URLs using the ';' character. (CVE-2007-2449) - The Manager and Host Manager applications do not properly sanitize the 'filename' parameter of the '/manager/html/upload' script, which can lead to cross- site scripting attacks. (CVE-2007-2450) - An error exists in the handling of cookie values containing single quotes which Tomcat treats as delimiters. This can allow disclosure of sensitive information such as session IDs. (CVE-2007-3382) - An error exists in the handling of cookie values containing backslashes which Tomcat treats as delimiters. This can allow disclosure of sensitive information such as session IDs. (CVE-2007-3385) - An error exists in the Host Manager application which allows script injection. (CVE-2007-3386) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 51059
    published 2010-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51059
    title Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities
  • NASL family Web Servers
    NASL id TOMCAT_6_0_14.NASL
    description According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 6.0.14. It is, therefore, affected by the following vulnerabilities : - Cross-site scripting (XSS) vulnerabilities exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session. (CVE-2007-2449, CVE-2007-2450, CVE-2007-3386) - Session hijacking vulnerabilities exists in Tomcat due to incorrect handling of specific special characters in cookie values. In certain cases an attacker could leverage this to leak sensitive information, such as the session ID. (CVE-2007-3382, CVE-2007-3385) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-01-16
    modified 2019-01-11
    plugin id 121113
    published 2019-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121113
    title Apache Tomcat < 6.0.14 Multiple Vulnerabilities
oval via4
accepted 2013-04-29T04:06:50.174-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
family unix
id oval:org.mitre.oval:def:10578
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
version 18
packetstorm via4
data source https://packetstormsecurity.com/files/download/57183/CVE-2007-2449.txt
id PACKETSTORM:57183
last seen 2016-12-05
published 2007-06-15
reporter tomcat.apache.org
source https://packetstormsecurity.com/files/57183/CVE-2007-2449.txt.html
title CVE-2007-2449.txt
redhat via4
advisories
  • rhsa
    id RHSA-2007:0569
  • rhsa
    id RHSA-2008:0261
  • rhsa
    id RHSA-2008:0630
rpms
  • tomcat5-0:5.5.23-0jpp.1.0.4.el5
  • tomcat5-admin-webapps-0:5.5.23-0jpp.1.0.4.el5
  • tomcat5-common-lib-0:5.5.23-0jpp.1.0.4.el5
  • tomcat5-jasper-0:5.5.23-0jpp.1.0.4.el5
  • tomcat5-jasper-javadoc-0:5.5.23-0jpp.1.0.4.el5
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp.1.0.4.el5
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.1.0.4.el5
  • tomcat5-server-lib-0:5.5.23-0jpp.1.0.4.el5
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp.1.0.4.el5
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.1.0.4.el5
  • tomcat5-webapps-0:5.5.23-0jpp.1.0.4.el5
refmap via4
apple APPLE-SA-2008-06-30
bid 24476
bugtraq
  • 20070614 [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples
  • 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
  • 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
confirm
fedora FEDORA-2007-3456
hp
  • HPSBUX02262
  • SSRT071447
mandriva MDKSA-2007:241
osvdb 36080
sectrack 1018245
secunia
  • 26076
  • 27037
  • 27727
  • 29392
  • 30802
  • 31493
  • 33668
sreason 2804
suse
  • SUSE-SR:2008:007
  • SUSE-SR:2009:004
vupen
  • ADV-2007-2213
  • ADV-2007-3386
  • ADV-2008-1981
  • ADV-2009-0233
xf tomcat-example-xss(34869)
Last major update 30-10-2012 - 22:34
Published 14-06-2007 - 19:30
Last modified 16-10-2018 - 12:44
Back to Top