CVE-2007-2449
Published 2007-06-14
Priority: P4 · 34 · medium · CVSS 2.0 score 4.3 · Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploit: available
EPSS: 77.38% (99.5th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
Affected
73 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | <= 4.1.36 | — |
Detection & IOCs (extracted from sources)
- Look for HTTP GET requests targeting JSP example application paths containing a semicolon (';') followed by arbitrary content after snoop.jsp: the XSS payload is injected in the URI segment after the ';' character.
- Match HTTP 200 responses whose body contains both 'Request URI: /examples/jsp/snp/snoop.jsp;alert(document.domain)test.jsp' and 'JSP Request Method' with Content-Type text/html: this confirms the XSS payload is reflected unencoded.
- Shodan query 'title:"Apache Tomcat"' can be used to identify potentially exposed Tomcat instances for targeted scanning.
- The vulnerability is specific to the 'examples' web application bundled with Apache Tomcat. The attack surface only exists if this optional examples webapp is deployed (it is not required for production use). Affected versions span Tomcat 4.0.0–4.0.6, 4.1.0–4.1.36, 5.0.0–5.0.30, 5.5.0–5.5.24, and 6.0.0–6.0.13.
- Exploitation can lead to theft of cookie-based authentication credentials, making session hijacking a primary risk beyond simple script injection.
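The two log-side checks above, as an added Python example that is not part of this page or of any Tomcat tooling: it scans access-log lines for examples-webapp snoop.jsp requests that carry script-like content after the ';' path separator, and tests whether a captured text/html response body echoes that segment without escaping. The log lines and response bodies are constructed samples; the context paths /examples/jsp and /jsp-examples are the two that appear on this page.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not taken from the page.
SAMPLE_LOG = """\
10.0.0.5 - - [14/Jun/2007:10:01:02 +0000] "GET /examples/jsp/snp/snoop.jsp HTTP/1.1" 200 1432
10.0.0.7 - - [14/Jun/2007:10:01:09 +0000] "GET /examples/jsp/snp/snoop.jsp;alert(document.domain)test.jsp HTTP/1.1" 200 1519
10.0.0.7 - - [14/Jun/2007:10:01:11 +0000] "GET /jsp-examples/snp/snoop.jsp;%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 1544
10.0.0.9 - - [14/Jun/2007:10:02:00 +0000] "GET /app/index.jsp;jsessionid=ABC123 HTTP/1.1" 200 880
"""

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Both context paths of the examples webapp that appear on this page.
EXAMPLES_RE = re.compile(r'^/(examples/jsp|jsp-examples)/snp/snoop\.jsp;(?P<extra>.+)$', re.I)
# Script-like content in the ';' segment; a bare jsessionid path parameter does not match.
SCRIPTY_RE = re.compile(r'[<>()"\']|script|javascript:', re.I)
# Characters an HTML-escaping output filter would turn into &lt; &gt; &quot;.
MARKUP_RE = re.compile(r'[<>"]')

def path_parameter(target):
    """Decoded URI portion after ';' for examples snoop.jsp requests, else None."""
    path = target.split('?', 1)[0]
    m = EXAMPLES_RE.match(path)
    return unquote(m.group('extra')) if m else None

def suspicious_requests(log_text):
    """Return (client, target, status) for requests whose ';' segment looks like a script payload."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        extra = path_parameter(m.group('target'))
        if extra and SCRIPTY_RE.search(extra):
            hits.append((line.split()[0], m.group('target'), int(m.group('status'))))
    return hits

def is_reflected_unencoded(request_target, body, content_type):
    """True when markup characters from the ';' segment reappear verbatim in an HTML body."""
    extra = path_parameter(request_target)
    if not extra or not content_type.lower().startswith('text/html'):
        return False
    return bool(MARKUP_RE.search(extra)) and extra in body

if __name__ == '__main__':
    for client, target, status in suspicious_requests(SAMPLE_LOG):
        print(f'{client} -> {target} ({status})')
```

A legitimate `;jsessionid=...` path parameter is deliberately not flagged, and a body that shows `&lt;` where the request sent `<` is treated as escaped rather than reflected.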
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | — | 4.3 | MEDIUM | — |
GHSA
CVE-2007-2449 [MEDIUM] Apache Tomcat XSS Vulnerabilities in Examples Web Application
ghsa·2022-05-01
OSV
CVE-2007-2449 [MEDIUM] Apache Tomcat XSS Vulnerabilities in Examples Web Application
osv·2022-05-01
Red Hat
CVE-2007-2449 [MEDIUM] CWE-79 tomcat examples jsp XSS
vendor_redhat·2007-06-13·CVSS 4.3
No detection rules found.
Exploit-DB
CVE-2007-2449 Apache Tomcat 6.0.13 - JSP Example Web Applications Cross-Site Scripting
exploitdb·2007-06-14
---
source: https://www.securityfocus.com/bid/24476/info
Apache Tomcat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/jsp-examples/snp/snoop.jsp;[xss]
Nuclei
CVE-2007-2449 [MEDIUM] Apache Tomcat 4.x-7.x - Cross-Site Scripting
nuclei·CVSS 4.3
Apache Tomcat 4.x through 7.x contains a cross-site scripting vulnerability which an attacker can use to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site.
Template:

```yaml
id: CVE-2007-2449
info:
  name: Apache Tomcat 4.x-7.x - Cross-Site Scripting
  author: pdteam,ritikchaddha
  severity: medium
  description: |
    Apache Tomcat 4.x through 7.x contains a cross-site scripting vulnerability which an attacker can use to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site.
  remediation: |
    Apply the latest security patches and updates from the vendor to address this vulnerability.
  impact: |
    Attackers can execute arbitrary scripts in victim browsers, leading to sessi
```
Bugzilla
CVE-2007-5333 [MEDIUM] CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_5.0]
bugzilla·2008-01-10·CVSS 4.3
rhn_satellite_5.0 tracking bug: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes in the 'blocks' bugs.
For the security issues handling process overview see: http://intranet.corp.redhat.com/ic/intranet/SecurityZStreamFAQ
[bug automatically created by: add-tracking-bugs]
Discussion:
[root@rlx-3-18 RPMS]# ls tomcat5-5.0.30-0jpp_9rh.noarch.rpm
tomcat5-5.0.30-0jpp_9rh.noarch.rpm
[root@rlx-3-18 RPMS]# pwd
/tmp/mnt/RPMS
[root@rlx-3-18 RPMS]#
verified
---
This is not a bug. The real issue that was talked about is actually:
private bug Bugzilla Bug 430731: CVE-2007-5461 CVE-2007-3385 CVE-2007-3382
CVE-2007-1358 CVE-2007-1355 CVE-2007
Bugzilla
CVE-2007-1358 [LOW] CVE-2007-1358 CVE-2007-2449 CVE-2007-2450 tomcat5 various flaws [F8]
bugzilla·2007-11-02·CVSS 2.6
F8 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
tomcat5-5.5.25-1jpp.1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
Bugzilla
CVE-2007-1358 [LOW] CVE-2007-1358 CVE-2007-2449 CVE-2007-2450 tomcat5 various flaws [F7]
bugzilla·2007-06-19·CVSS 2.6
F7 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
This is well over 4 months old. Please do an update as soon as possible.
---
tomcat5-5.5.25-1jpp.1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Bugzilla
CVE-2007-1358 [LOW] CVE-2007-1358 CVE-2007-2449 CVE-2007-2450 tomcat5 various flaws [Fdevel]
bugzilla·2007-06-19·CVSS 2.6
Fdevel tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
This is well over 4 months old. Please do an update as soon as possible.
---
This is already fixed in 5.5.25. Closing bug.
Bugzilla
CVE-2007-2449 [MEDIUM] CVE-2007-2449 tomcat examples jsp XSS
bugzilla·2007-06-19·CVSS 4.3
According to http://tomcat.apache.org/security-5.html
low: Cross-site scripting CVE-2007-2449
JSPs within the examples web application did not escape user provided data
before including it in the output. This enabled a XSS attack. These JSPs now
filter the data before use. This issue may be mitigated by undeploying the
examples web application. Note that it is recommended that the examples web
application is not installed on a production system.
Affects: 5.0.0-5.0.30, 5.5.0-5.5.24
example:
http://host:port/jsp-examples/snp/snoop.jsp;alert()test.jsp
Discussion:
tomcat5-5.5.25-1jpp.1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
---
tomcat5-5.5.25-1jpp.1.fc8 has been
Bugzilla
CVE-2007-1358 [LOW] CVE-2007-1358 CVE-2007-2449 CVE-2007-2450 tomcat5 various flaws [FC6]
bugzilla·2007-06-19·CVSS 2.6
FC6 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
This is well over 4 months old. Please do an update as soon as possible.
---
This is already fixed in 5.5.25. Closing bug.