CVE-2007-4724 – org.apache.tomcat:tomcat
Package
Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: >=0 <=4.1.31
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00682 (percentile: 0.70721)
Details
Apache Tomcat Example Application CSRF and XSS Vulnerabilities
Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
Metadata
Created: 2022-05-01T18:26:30Z
Modified: 2023-09-22T21:06:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g77g-vjjm-x83j/GHSA-g77g-vjjm-x83j.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-g77g-vjjm-x83j
Finding: F007
Auto approve: 1