Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability

Bugtraq ID: 24475
Class: Input Validation Error
CVE: CVE-2007-2450
Remote: Yes
Local: No
Published: Jun 12 2007 12:00AM
Updated: Jul 06 2010 06:48PM
Credit: Daiki Fukumori is credited with the discovery of this vulnerability.
Vulnerable: SuSE SUSE Linux Enterprise Server 10 SP2
Sun Solaris 9_x86
Sun Solaris 9_sparc
Sun Solaris 10_x86
Sun Solaris 10_sparc
Redhat Red Hat Network Satellite Server 5.0
Redhat Network Satellite (for RHEL 4) 4.2
Redhat Network Satellite (for RHEL 3) 4.2
Redhat Fedora 7
Redhat Enterprise Linux Desktop Workstation 5 client
Redhat Enterprise Linux Desktop 5 client
Redhat Enterprise Linux 5 Server
Novell ZENworks Linux Management 7.3
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
Mandriva Linux Mandrake 2007.1 x86_64
Mandriva Linux Mandrake 2007.1
HP HP-UX B.11.31
HP HP-UX B.11.23
HP HP-UX B.11.11
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
Computer Associates Cohesion Application Configuration Manager 4.5
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.4.11
Apple Mac OS X 10.5
Apache Tomcat 6.0.13
Apache Tomcat 6.0.12
Apache Tomcat 6.0.11
Apache Tomcat 6.0.10
Apache Tomcat 6.0.9
Apache Tomcat 6.0.8
Apache Tomcat 6.0.7
Apache Tomcat 6.0.6
Apache Tomcat 6.0.5
Apache Tomcat 6.0.4
Apache Tomcat 6.0.3
Apache Tomcat 6.0.2
Apache Tomcat 6.0.1
Apache Tomcat 5.5.24
Apache Tomcat 5.5.23
Apache Tomcat 5.5.22
Apache Tomcat 5.5.21
Apache Tomcat 5.5.20
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Tomcat 5.5.19
Apache Tomcat 5.5.18
Apache Tomcat 5.5.17
Apache Tomcat 5.5.16
Apache Tomcat 5.5.15
Apache Tomcat 5.5.14
Apache Tomcat 5.5.13
Apache Tomcat 5.5.12
Apache Tomcat 5.5.11
Apache Tomcat 5.5.10
Apache Tomcat 5.5.2
Apache Tomcat 5.5.1
Apache Tomcat 5.5
Apache Tomcat 5.0.30
Apache Tomcat 5.0.16
Apache Tomcat 5.0.15
Apache Tomcat 5.0.14
Apache Tomcat 5.0.13
Apache Tomcat 5.0.12
Apache Tomcat 5.0.11
Apache Tomcat 5.0.10
Apache Tomcat 5.0.3
Apache Tomcat 5.0.2
Apache Tomcat 5.0.1
Apache Tomcat 4.1.36
Apache Tomcat 4.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Debian Linux 2.3
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.5
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- Redhat Linux 6.2 i386
- Redhat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 3.3
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Tomcat 4.0.6
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Tomcat 4.0.5
+ Redhat Stronghold 4.0
Apache Tomcat 4.0.4
Apache Tomcat 4.0.3
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
Apache Tomcat 4.0.2
Apache Tomcat 4.0.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- Redhat Linux 6.2 i386
- Redhat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 3.3
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Tomcat 4.0
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- Redhat Linux 6.2 i386
- Redhat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Tomcat 5.0
Not Vulnerable: Computer Associates Cohesion Application Configuration Manager 4.5 SP1
Apple Mac OS X Server 10.5.4
Apple Mac OS X 10.5.4


 

Privacy Statement
Copyright 2010, SecurityFocus