CVE-2007-4724

Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*

History

21 Nov 2024, 00:36

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2007-09/0040.html - () http://archives.neohapsis.com/archives/bugtraq/2007-09/0040.html -
References () http://osvdb.org/41029 - () http://osvdb.org/41029 -
References () http://securityreason.com/securityalert/3094 - () http://securityreason.com/securityalert/3094 -
References () http://www.securityfocus.com/archive/1/478491/100/0/threaded - () http://www.securityfocus.com/archive/1/478491/100/0/threaded -

Information

Published : 2007-09-05 19:17

Updated : 2024-11-21 00:36


NVD link : CVE-2007-4724

Mitre link : CVE-2007-4724

CVE.ORG link : CVE-2007-4724


JSON object : View

Products Affected

apache

  • tomcat
CWE
CWE-352

Cross-Site Request Forgery (CSRF)