CVE-2007-4724Cross-Site Request Forgery in Apache Tomcat

CWE-352Cross-Site Request Forgery4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.7%
top 28.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Tomcat
Timeline
PublishedSep 5
Latest updateMay 1

Description

Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDapache/tomcat4.1.31

🔴Vulnerability Details

3
OSV
Apache Tomcat Example Application CSRF and XSS Vulnerabilities2022-05-01
GHSA
Apache Tomcat Example Application CSRF and XSS Vulnerabilities2022-05-01
CVEList
CVE-2007-4724: Cross-site request forgery (CSRF) vulnerability in cal22007-09-05
CVE-2007-4724 — Cross-Site Request Forgery in Apache | cvebase