CVE-2007-4724
Apache Tomcat Example Application CSRF and XSS Vulnerabilities
EPSS 0.78%
Description
Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
How to fix CVE-2007-4724
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Maven/org.apache.tomcat:tomcat: no fix listed
Is CVE-2007-4724 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, <= 4.1.31