CVE-2007-2449

NUCLEI

Apache Tomcat <6.0.14 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

Exploits (1)

exploitdb WRITEUP VERIFIED

by anonymous · textwebappsjsp

https://www.exploit-db.com/exploits/30189

View Code ZIP pw:eip

Nuclei Templates (1)

Apache Tomcat 4.x-7.x - Cross-Site Scripting

MEDIUMVERIFIEDby pdteam,ritikchaddha

Shodan: title:"Apache Tomcat"

References (40)

[Various Sources] http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

[Vendor Advisory] http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

[Mailing List] http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

[Third Party Advisory, VDB Entry] http://osvdb.org/36080

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2008-0630.html

[Vendor Advisory] http://support.apple.com/kb/HT2163

[Various Sources] http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

[Various Sources] http://tomcat.apache.org/security-4.html

[Various Sources] http://tomcat.apache.org/security-5.html

[Patch] http://tomcat.apache.org/security-6.html

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2007:241

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2007-0569.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0261.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018245

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34869

[Mailing List] https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

... and 20 more

Scores

EPSS 0.4909

EPSS Percentile 97.8%

Details

Status published

Products (50)

apache/tomcat 4.0.0

apache/tomcat 4.0.1

apache/tomcat 4.0.2

apache/tomcat 4.0.3

apache/tomcat 4.0.4

apache/tomcat 4.0.5

apache/tomcat 5.0.0

apache/tomcat 5.0.1

apache/tomcat 5.0.2

apache/tomcat 5.0.3

... and 40 more

Published Jun 14, 2007

Tracked Since Feb 18, 2026