Bugzilla: 244804: CVE-2007-2449 tomcat examples jsp XSS
The MITRE CVE dictionary describes this issue as:
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
Red Hat security errata
| Platform | Errata | Release date |
|---|---|---|
| Red Hat Application Server v2 4AS (tomcat5) | RHSA-2007:0876 | October 11, 2007 |
| Red Hat Enterprise Linux version 5 (tomcat5) | RHSA-2007:0569 | July 17, 2007 |
| Red Hat Satellite 5.0 (RHEL v.4 AS) | RHSA-2008:0261 | May 20, 2008 |
| Red Hat Satellite 5.1 (RHEL v.4 AS) | RHSA-2008:0630 | August 13, 2008 |
| Red Hat Satellite v 4.2 (RHEL v.3 AS) | RHSA-2008:0524 | June 30, 2008 |
| Red Hat Satellite v 4.2 (RHEL v.4 AS) | RHSA-2008:0524 | June 30, 2008 |
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.