Back to search
CVE-2007-2450
Published: Jun 14, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://tomcat.apache.org/security-4.html
x_refsource_CONFIRM
30908
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT2163
x_refsource_CONFIRM
239312
vendor-advisory
x_refsource_SUNALERT
36079
vdb-entry
x_refsource_OSVDB
ADV-2008-1981
vdb-entry
x_refsource_VUPEN
30899
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:11287
vdb-entry
signature
x_refsource_OVAL
FEDORA-2007-3456
vendor-advisory
x_refsource_FEDORA
ADV-2008-1979
vdb-entry
x_refsource_VUPEN
RHSA-2007:0569
vendor-advisory
x_refsource_REDHAT
20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
mailing-list
x_refsource_BUGTRAQ
1018245
vdb-entry
x_refsource_SECTRACK
33668
third-party-advisory
x_refsource_SECUNIA
20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
mailing-list
x_refsource_BUGTRAQ
28549
third-party-advisory
x_refsource_SECUNIA
20070614 [CVE-2007-2450]: Apache Tomcat XSS vulnerability in Manager
mailing-list
x_refsource_BUGTRAQ
APPLE-SA-2008-06-30
vendor-advisory
x_refsource_APPLE
ADV-2009-0233
vdb-entry
x_refsource_VUPEN
25678
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2009:004
vendor-advisory
x_refsource_SUSE
http://tomcat.apache.org/security-6.html
x_refsource_CONFIRM
ADV-2007-3386
vdb-entry
x_refsource_VUPEN
30802
third-party-advisory
x_refsource_SECUNIA
27037
third-party-advisory
x_refsource_SECUNIA
SSRT071447
vendor-advisory
x_refsource_HP
27727
third-party-advisory
x_refsource_SECUNIA
24475
vdb-entry
x_refsource_BID
HPSBUX02262
vendor-advisory
x_refsource_HP
http://tomcat.apache.org/security-5.html
x_refsource_CONFIRM
tomcat-hostmanager-xss(34868)
vdb-entry
x_refsource_XF
DSA-1468
vendor-advisory
x_refsource_DEBIAN
RHSA-2008:0261
vendor-advisory
x_refsource_REDHAT
26076
third-party-advisory
x_refsource_SECUNIA
JVN#07100457
third-party-advisory
x_refsource_JVN
ADV-2007-2213
vdb-entry
x_refsource_VUPEN
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
x_refsource_CONFIRM
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
x_refsource_CONFIRM
MDKSA-2007:241
vendor-advisory
x_refsource_MANDRIVA
2813
third-party-advisory
x_refsource_SREASON
[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now