Rapid7 Vulnerability & Exploit Database

ELSA-2007-0569 Moderate: Enterprise Linux tomcat security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2007-0569 Moderate: Enterprise Linux tomcat security update

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

06/14/2007

Created

07/25/2018

Added

12/20/2011

Modified

04/11/2019

Description

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

Solution(s)

oracle-linux-upgrade-tomcat5
oracle-linux-upgrade-tomcat5-admin-webapps
oracle-linux-upgrade-tomcat5-common-lib
oracle-linux-upgrade-tomcat5-jasper
oracle-linux-upgrade-tomcat5-jasper-javadoc
oracle-linux-upgrade-tomcat5-jsp-2-0-api
oracle-linux-upgrade-tomcat5-jsp-2-0-api-javadoc
oracle-linux-upgrade-tomcat5-server-lib
oracle-linux-upgrade-tomcat5-servlet-2-4-api
oracle-linux-upgrade-tomcat5-servlet-2-4-api-javadoc
oracle-linux-upgrade-tomcat5-webapps

References

https://attackerkb.com/topics/cve-2007-2449
APPLE-SA-2008-06-30
24475
24476
CVE - 2007-2449
CVE - 2007-2450
DSA-1468
OVAL10578
OVAL11287
RHSA-2007:0569
RHSA-2008:0261
RHSA-2008:0630
http://oss.oracle.com/pipermail/el-errata/2007-July/000269.html
34868
34869

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;