Oval Definition:oval:org.opensuse.security:def:20072449
Revision Date:2015-11-16Version:1
Title:CVE-2007-2449
Description:
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2007-2449
Platform(s):Novell Linux Desktop 9 SDK for x86
Novell Linux Desktop 9 SDK for x86_64
Open Enterprise Server
openSUSE 10.3
SUSE LINUX 10.1
Product(s):
Definition Synopsis
  • Release Information
  • sles9-nld-sdk is installed
  • AND jakarta-tomcat less than 5.0.19-29.13
  • OR
  • sles9-oes is installed
  • apache-jakarta-tomcat-connectors less than 5.0.19-29.13
  • OR apache2-jakarta-tomcat-connectors less than 5.0.19-29.13
  • OR jakarta-tomcat-doc less than 5.0.19-29.13
  • OR jakarta-tomcat-examples less than 5.0.19-29.13
  • OR jakarta-tomcat less than 5.0.19-29.13
  • OR Package Information
  • suse101 is installed
  • AND
  • tomcat5-admin-webapps less than 5.0.30-27.26
  • OR tomcat5-webapps less than 5.0.30-27.26
  • OR tomcat5 less than 5.0.30-27.26
    • BACK