Launchpad.net

CVE 2007-2449

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

Related bugs and status

CVE-2007-2449 (Candidate) is related to these bugs:

Bug #150755: [gutsy] UVFe for tomcat5.5 5.5.25-1

Summary				In	Importance	Status
	150755	[gutsy] UVFe for tomcat5.5 5.5.25-1		tomcat5.5 (Ubuntu)	Medium	Fix Released

Bug #175505: [tomcat5] multiple vulnerabilities

		In	Importance	Status
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Dapper)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Edgy)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Feisty)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu)	Undecided	Fix Released
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Dapper)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Edgy)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Feisty)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Gutsy)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Gutsy)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Hardy)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Hardy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-2449

Related bugs and status

Related bugs

References