CVE Kennung:	CVE-2007-2449
Beschreibung:	Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
Test Kennungen:	1.3.6.1.4.1.25623.1.0.59876   1.3.6.1.4.1.25623.1.0.59877   1.3.6.1.4.1.25623.1.0.122674
Querverweise:	Common Vulnerability Exposure (CVE) ID: CVE-2007-2449 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html BugTraq ID: 24476 http://www.securityfocus.com/bid/24476 Bugtraq: 20070614 [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples (Google Search) http://www.securityfocus.com/archive/1/471351/100/0/threaded Bugtraq: 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/500396/100/0/threaded Bugtraq: 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) (Google Search) http://www.securityfocus.com/archive/1/500412/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html HPdes Security Advisory: HPSBUX02262 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 HPdes Security Advisory: SSRT071447 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://www.mandriva.com/security/advisories?name=MDKSA-2007:241 https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E http://osvdb.org/36080 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10578 RedHat Security Advisories: RHSA-2007:0569 http://www.redhat.com/support/errata/RHSA-2007-0569.html RedHat Security Advisories: RHSA-2008:0261 http://www.redhat.com/support/errata/RHSA-2008-0261.html RedHat Security Advisories: RHSA-2008:0630 http://rhn.redhat.com/errata/RHSA-2008-0630.html http://www.securitytracker.com/id?1018245 http://secunia.com/advisories/26076 http://secunia.com/advisories/27037 http://secunia.com/advisories/27727 http://secunia.com/advisories/29392 http://secunia.com/advisories/30802 http://secunia.com/advisories/31493 http://secunia.com/advisories/33668 http://securityreason.com/securityalert/2804 SuSE Security Announcement: SUSE-SR:2008:007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html SuSE Security Announcement: SUSE-SR:2009:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://www.vupen.com/english/advisories/2007/2213 http://www.vupen.com/english/advisories/2007/3386 http://www.vupen.com/english/advisories/2008/1981/references http://www.vupen.com/english/advisories/2009/0233 XForce ISS Database: tomcat-example-xss(34869) https://exchange.xforce.ibmcloud.com/vulnerabilities/34869