CVE Vulnerability

CVE-2007-4724

Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://securityreason.com/securityalert/3094
http://osvdb.org/41029
http://archives.neohapsis.com/archives/bugtraq/2007-09/0040.html
http://www.securityfocus.com/archive/1/478491/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*
Information

Published : 2007-09-05 07:17

Updated : 2018-10-15 09:37

NVD link : CVE-2007-4724

Mitre link : CVE-2007-4724

Products Affected
No products.
CWE
CWE-352