VYPR
Moderate severityNVD Advisory· Published Jun 14, 2007· Updated Jun 16, 2026

CVE-2007-2449

CVE-2007-2449

Description

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat:tomcatMaven
>= 4.0.0, <= 4.0.6
org.apache.tomcat:tomcatMaven
>= 5.0.0, <= 5.0.30
org.apache.tomcat:tomcatMaven
>= 5.5.0, <= 5.5.24
org.apache.tomcat:tomcatMaven
>= 6.0.0, <= 6.0.13

Affected products

74
  • Apache/Tomcat73 versions
    cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*+ 72 more
    • cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*range: <=4.1.36
    • cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 4.0.0, <= 4.0.6

Patches

Vulnerability mechanics

References

47

News mentions

0

No linked articles in our index yet.