CVE-2007-4724

Published Sep 5, 2007

Last updated 6 years ago

Overview

Description: Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Vendor comments

ApacheThis name is a duplicate of CVE-2006-7196. This issue was fixed in Apache Tomcat 4.1.32 and 5.5.16.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17522878-4266-432A-859D-C02096C8AC0E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References