Public Date:
244804: CVE-2007-2449 tomcat examples jsp XSS

The MITRE CVE dictionary describes this issue as:

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

Find out more about CVE-2007-2449 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

Platform                                      Errata          Release Date
Red Hat Satellite 5.0 (RHEL v.4 AS)           RHSA-2008:0261  2008-05-20
Red Hat Satellite 5.1 (RHEL v.4 AS)           RHSA-2008:0630  2008-08-13
Red Hat Application Server v2 4AS (tomcat5)   RHSA-2007:0876  2007-10-11
Red Hat Satellite v 4.2 (RHEL v.4 AS)         RHSA-2008:0524  2008-06-30
Red Hat Satellite v 4.2 (RHEL v.3 AS)         RHSA-2008:0524  2008-06-30
Red Hat Enterprise Linux version 5 (tomcat5)  RHSA-2007:0569  2007-07-17