CVE-2007-2450

NameCVE-2007-2450
DescriptionMultiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1468-1
NVD severitylow (attack range: remote, user-initiated)
Debian/oldoldstablenot known to be vulnerable.
Debian/oldstablenot known to be vulnerable.
Debian/stablenot known to be vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tomcat4source(unstable)(unfixed)low
tomcat5source(unstable)(unfixed)low
tomcat5.5source(unstable)5.5.25-1low
tomcat5.5sourceetch5.5.20-2etch2lowDSA-1468-1

Notes

[sarge] - tomcat4 <no-dsa> (Contrib not supported)

Search for package or bug name: Reporting problems