CVE-2007-2450: Cross-site Scripting in Apache Tomcat

CWE-79: Cross-site Scripting | 14 documents | 6 sources
Severity: 3.5 LOW (NVD)
EPSS: 1.2% (top 20.86%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 14
Latest update: May 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 6.8 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/tomcat, 87 versions

Patches

🔴 Vulnerability Details (3)

OSV: Apache Tomcat vulnerable to Cross-site Scripting (2022-05-01)
GHSA: Apache Tomcat vulnerable to Cross-site Scripting (2022-05-01)
CVEList: CVE-2007-2450: Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4 (2007-06-14)

📋 Vendor Advisories (1)

Red Hat: tomcat host manager XSS (2007-06-13)

💬 Community (9)

Bugzilla: CVE-2007-1358 CVE-2007-2449 CVE-2007-2450 tomcat5 various flaws [F8] (2007-11-02)
Bugzilla: CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [F8] (2007-11-01)
Bugzilla: CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [FC6] (2007-10-16)
Bugzilla: CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [Fdevel] (2007-10-16)
Bugzilla: CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [F7] (2007-10-16)