What is CVE-2007-2449?

CVE-2007-2449 is a vulnerability in N/a. Published 2007-06-14.

Is CVE-2007-2449 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2007-2449

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow…

EPSS: 0.521 (98.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

tomcat.apache.org/security-4.html (x_refsource_CONFIRM)
support.apple.com/kb/HT2163 (x_refsource_CONFIRM)
RHSA-2008:0630 (x_refsource_REDHAT, vendor-advisory)
ADV-2008-1981 (vdb-entry, x_refsource_VUPEN)
FEDORA-2007-3456 (vendor-advisory, x_refsource_FEDORA)
24476 (vdb-entry, x_refsource_BID)
31493 (x_refsource_SECUNIA, third-party-advisory)
20070614 [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples (mailing-list, x_refsource_BUGTRAQ)
2804 (x_refsource_SREASON, third-party-advisory)
RHSA-2007:0569 (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2007-2449?: CVE-2007-2449 is a vulnerability in N/a. Published 2007-06-14.
Is CVE-2007-2449 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.