CVE-2007-2449
Apache Tomcat XSS Vulnerabilities in Examples Web Application
EPSS 52.1%
Description
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the `;` character, as demonstrated by a URI containing a `snp/snoop.jsp;` sequence.
How to fix CVE-2007-2449
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- —no fix listed
Is CVE-2007-2449 being exploited?
Likely — EPSS is 52.1%, placing CVE-2007-2449 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- >= 4.0.0, <= 4.0.6