Home > Vulnerability Database > CVE-2007-2450

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2007-2450

Date: June 14, 2007

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.

Severity Score

3.1

Related Resources (65)

Url: http://secunia.com/advisories/26076

Url: http://www.securitytracker.com/id?1018245

Url: http://www.osvdb.org/36079

Url: https://web.archive.org/web/20071203205513/http://secunia.com/advisories/25678

Url: http://secunia.com/advisories/30899

Url: http://support.apple.com/kb/HT2163

Url: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

Url: https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

Url: https://web.archive.org/web/20080724125033/http://secunia.com/advisories/27037

Url: https://github.com/apache/tomcat

Url: http://www.debian.org/security/2008/dsa-1468

Url: http://secunia.com/advisories/27037

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

Url: http://www.vupen.com/english/advisories/2009/0233

Url: https://web.archive.org/web/20080324012730/http://secunia.com/advisories/28549

Url: https://web.archive.org/web/20080801204240/http://secunia.com/advisories/30899

Url: http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

Url: http://securityreason.com/securityalert/2813

Url: https://web.archive.org/web/20080320042501/http://secunia.com/advisories/27727

Url: http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

Url: http://secunia.com/advisories/27727

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

Url: https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Url: http://www.redhat.com/support/errata/RHSA-2007-0569.html

Url: http://secunia.com/advisories/30802

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:241

Url: https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded

Url: http://www.securityfocus.com/bid/24475

Url: http://secunia.com/advisories/33668

Url: https://web.archive.org/web/20120809122231/http://secunia.com/advisories/30908

Url: https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

Url: http://tomcat.apache.org/security-5.html

Url: http://www.vupen.com/english/advisories/2007/3386

Url: https://web.archive.org/web/20090623202429/http://secunia.com/advisories/33668

Url: http://www.vupen.com/english/advisories/2008/1979/references

Url: http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

Url: http://www.vupen.com/english/advisories/2007/2213

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/34868

Url: http://secunia.com/advisories/25678

Url: http://www.vupen.com/english/advisories/2008/1981/references

Url: http://secunia.com/advisories/28549

Url: https://web.archive.org/web/20201207215920/https://cxsecurity.com/issue/WLB-2007060074

Url: https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded

Url: http://jvn.jp/jp/JVN%2307100457/index.html

Url: https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

Url: http://tomcat.apache.org/security-4.html

Url: https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

Url: https://web.archive.org/web/20080801210056/http://secunia.com/advisories/30802

Url: https://web.archive.org/web/20080413164556/http://securitytracker.com/alerts/2007/Jun/1018245.html

Url: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287

Url: http://www.securityfocus.com/archive/1/471357/100/0/threaded

Url: https://access.redhat.com/security/cve/CVE-2007-2450

Url: http://www.securityfocus.com/archive/1/500412/100/0/threaded

Url: https://web.archive.org/web/20080212014926/http://secunia.com/advisories/26076

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-2450

Url: http://www.securityfocus.com/archive/1/500396/100/0/threaded

Url: http://tomcat.apache.org/security-6.html

Url: https://web.archive.org/web/20200229180652/http://www.securityfocus.com/bid/24475

Url: https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

Url: https://github.com/apache/tomcat/commit/1bc3bcb2848f478fd6674487d6dad507fd5dd686

Url: http://www.redhat.com/support/errata/RHSA-2008-0261.html

Url: https://web.archive.org/web/20200809062244/http://www.securityfocus.com/archive/1/471357/100/0/threaded

Url: http://secunia.com/advisories/30908

Url: https://www.mend.io/vulnerability-database/CVE-2007-2450

Severity Score

3.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	3.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us