2
Candidate: CVE-2007-2449
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449
6
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in
7
the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0
8
through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0
9
through 6.0.13 allow remote attackers to inject arbitrary web script or
10
HTML via the portion of the URI after the ';' character, as demonstrated by
11
a URI containing a "snp/snoop.jsp;" sequence.
20
dapper_tomcat4: ignored (reached end-of-life)
21
edgy_tomcat4: needed (reached end-of-life)