Novell Home

CVE-2007-2449

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

CVE-2007-2449 at MITRE

Details

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
Novell Bugzilla entry: 292414,427726

SUSE Security Advisories:

Product(s) Fixed package version(s) References
openSUSE 10.3
  • tomcat55 >= 5.5.23-113.5
  • tomcat55-admin-webapps >= 5.5.23-113.5
  • tomcat55-common-lib >= 5.5.23-113.5
  • tomcat55-jasper >= 5.5.23-113.5
  • tomcat55-jasper-javadoc >= 5.5.23-113.5
  • tomcat55-jsp-2_0-api >= 5.5.23-113.5
  • tomcat55-jsp-2_0-api-javadoc >= 5.5.23-113.5
  • tomcat55-server-lib >= 5.5.23-113.5
  • tomcat55-servlet-2_4-api >= 5.5.23-113.5
  • tomcat55-servlet-2_4-api-javadoc >= 5.5.23-113.5
  • tomcat55-webapps >= 5.5.23-113.5
SuSE Linux Enterprise Server 8 for IBM S/390 and IBM zSeries
SuSE Linux Enterprise Server 8 for x86
  • jakarta-tomcat >= 4.0.4-438
Builds
YOU Patch Nr: 12115
Novell Linux POS 9
Open Enterprise Server
SUSE CORE 9 for AMD64 and Intel EM64T
SUSE CORE 9 for IBM POWER
SUSE CORE 9 for IBM S/390 31bit
SUSE CORE 9 for IBM zSeries 64bit
SUSE CORE 9 for Itanium Processor Family
SUSE CORE 9 for x86
  • apache-jakarta-tomcat-connectors >= 5.0.19-29.13
  • apache2-jakarta-tomcat-connectors >= 5.0.19-29.13
  • jakarta-tomcat >= 5.0.19-29.13
  • jakarta-tomcat-doc >= 5.0.19-29.13
  • jakarta-tomcat-examples >= 5.0.19-29.13
Builds
YOU Patch Nr: 12116
Novell Linux Desktop 9 SDK for x86
Novell Linux Desktop 9 SDK for x86_64
  • jakarta-tomcat >= 5.0.19-29.13
Builds
YOU Patch Nr: 12116
SLE SDK 10 SP1 for IBM iSeries and IBM pSeries
SLE SDK 10 SP1 for IBM zSeries
SLE SDK 10 SP1 for IPF
SLE SDK 10 SP1 for X86-64
SLE SDK 10 SP1 for x86
SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP1 for IBM POWER
SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit
SUSE Linux Enterprise Server 10 SP1 for IPF
SUSE Linux Enterprise Server 10 SP1 for x86
  • tomcat5 >= 5.0.30-27.26
  • tomcat5-admin-webapps >= 5.0.30-27.26
  • tomcat5-webapps >= 5.0.30-27.26
Builds
ZYPP Patch Nr: 5070
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP2 for IBM POWER
SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit
SUSE Linux Enterprise Server 10 SP2 for IPF
SUSE Linux Enterprise Server 10 SP2 for x86
  • websphere-as_ce >= 2.1.0.1-3.3
sles10-sp2. s390x
sles10-sp2. x86
sles10-sp2. x86-64
sles10-sp2. ia64
sles10-sp2. ppc
ZYPP Patch Nr: 5850
SUSE LINUX 10.1
  • tomcat5 >= 5.0.30-27.26
  • tomcat5-admin-webapps >= 5.0.30-27.26
  • tomcat5-webapps >= 5.0.30-27.26
openSUSE 10.2
  • tomcat5 >= 5.0.30-62
  • tomcat5-admin-webapps >= 5.0.30-62
  • tomcat5-webapps >= 5.0.30-62

Novell® Making IT Work As One

© 2009 Novell, Inc. All Rights Reserved.