CVE-2007-2450

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.

References

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

https://exchange.xforce.ibmcloud.com/vulnerabilities/34868

http://www.vupen.com/english/advisories/2009/0233

http://www.vupen.com/english/advisories/2008/1981/references

http://www.vupen.com/english/advisories/2008/1979/references

http://www.vupen.com/english/advisories/2007/3386

http://www.vupen.com/english/advisories/2007/2213

http://www.securitytracker.com/id?1018245

http://www.securityfocus.com/bid/24475

http://www.securityfocus.com/archive/1/500412/100/0/threaded

http://www.securityfocus.com/archive/1/500396/100/0/threaded

http://www.securityfocus.com/archive/1/471357/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2008-0261.html

http://www.redhat.com/support/errata/RHSA-2007-0569.html

http://www.osvdb.org/36079

http://www.mandriva.com/security/advisories?name=MDKSA-2007:241

http://www.debian.org/security/2008/dsa-1468

http://tomcat.apache.org/security-6.html

http://tomcat.apache.org/security-5.html

http://tomcat.apache.org/security-4.html

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

http://support.apple.com/kb/HT2163

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

http://securityreason.com/securityalert/2813

http://secunia.com/advisories/33668

http://secunia.com/advisories/30908

http://secunia.com/advisories/30899

http://secunia.com/advisories/30802

http://secunia.com/advisories/28549

http://secunia.com/advisories/27727

http://secunia.com/advisories/27037

http://secunia.com/advisories/26076

http://secunia.com/advisories/25678

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

http://jvn.jp/jp/JVN%2307100457/index.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

Details

Source: Mitre, NVD

Published: 2007-06-14

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium