CVE-2007-2450 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
Reference
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://jvn.jp/jp/JVN%2307100457/index.html
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://secunia.com/advisories/25678
http://secunia.com/advisories/26076
http://secunia.com/advisories/27037
http://secunia.com/advisories/27727
http://secunia.com/advisories/28549
http://secunia.com/advisories/30802
http://secunia.com/advisories/30899
http://secunia.com/advisories/30908
http://secunia.com/advisories/33668
http://securityreason.com/securityalert/2813
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
http://support.apple.com/kb/HT2163
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.debian.org/security/2008/dsa-1468
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
http://www.osvdb.org/36079
http://www.redhat.com/support/errata/RHSA-2007-0569.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/archive/1/471357/100/0/threaded
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.securityfocus.com/bid/24475
http://www.securitytracker.com/id?1018245
http://www.vupen.com/english/advisories/2007/2213
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2008/1979/references
http://www.vupen.com/english/advisories/2008/1981/references
http://www.vupen.com/english/advisories/2009/0233
https://exchange.xforce.ibmcloud.com/vulnerabilities/34868
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html