Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 4.0.0 |
Related Weaknesses (CWE)
References
- http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
- http://jvn.jp/jp/JVN%2307100457/index.html
- http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://secunia.com/advisories/25678Vendor Advisory
- http://secunia.com/advisories/26076Vendor Advisory
- http://secunia.com/advisories/27037Vendor Advisory
- http://secunia.com/advisories/27727Vendor Advisory
- http://secunia.com/advisories/28549Vendor Advisory
- http://secunia.com/advisories/30802Vendor Advisory
- http://secunia.com/advisories/30899Vendor Advisory
- http://secunia.com/advisories/30908Vendor Advisory
- http://secunia.com/advisories/33668Vendor Advisory
- http://securityreason.com/securityalert/2813
FAQ
What is CVE-2007-2450?
CVE-2007-2450 is a vulnerability with a CVSS score of 3.5 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 thr...
How severe is CVE-2007-2450?
CVE-2007-2450 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2450?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.