Launchpad.net

CVE 2007-2450

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.

Related bugs and status

CVE-2007-2450 (Candidate) is related to these bugs:

Bug #150755: [gutsy] UVFe for tomcat5.5 5.5.25-1

Summary				In	Importance	Status
	150755	[gutsy] UVFe for tomcat5.5 5.5.25-1		tomcat5.5 (Ubuntu)	Medium	Fix Released

Bug #175505: [tomcat5] multiple vulnerabilities

		In	Importance	Status
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Dapper)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Edgy)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Feisty)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu)	Undecided	Fix Released
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Dapper)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Edgy)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Feisty)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Gutsy)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Gutsy)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Hardy)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Hardy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://tomcat.apache.o...
CONFIRM: http://tomcat.apache.o...
CONFIRM: http://tomcat.apache.o...
BID: 24475
SECTRACK: 1018245
SECUNIA: 25678
REDHAT: RHSA-2007:0569
SECUNIA: 26076
OSVDB: 36079
SREASON: 2813
HP: HPSBUX02262
HP: SSRT071447
SECUNIA: 27037
FEDORA: FEDORA-2007-3456
SECUNIA: 27727
MANDRIVA: MDKSA-2007:241
DEBIAN: DSA-1468
SECUNIA: 28549
REDHAT: RHSA-2008:0261
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2008-06-30
SUNALERT: 239312
SECUNIA: 30802
SECUNIA: 30908
SECUNIA: 30899
JVN: JVN#07100457
CONFIRM: http://community.ca.co...
CONFIRM: http://support.ca.com/...
SECUNIA: 33668
SUSE: SUSE-SR:2009:004
VUPEN: ADV-2007-2213
VUPEN: ADV-2007-3386
VUPEN: ADV-2008-1981
VUPEN: ADV-2008-1979
VUPEN: ADV-2009-0233
XF: tomcat-hostmanager-xss...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20070614 [CVE-2007-245...
BUGTRAQ: 20090127 CA20090123-01...
BUGTRAQ: 20090124 CA20090123-01...
MLIST: [tomcat-dev] 20190319 ...
MLIST: [tomcat-dev] 20190325 ...
MLIST: [tomcat-dev] 20200213 ...