CVE-2007-4724: Apache Tomcat Example Application CSRF and XSS Vulnerabilities
CVSS Score: 4.3
Basic Information
CVE ID: CVE-2007-4724
GHSA ID:
EPSS Score: 0.70675%
CWE:
Published: 5/1/2022
Updated: 9/22/2023
KEV Status: No
Technology: Java
Technical Details
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version
---|---|---|---
org.apache.tomcat:tomcat | maven | <= 4.1.31 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The advisory identifies cal2.jsp in the Tomcat example web application as the entry point for both issues: CSRF, because events are created from request parameters without any anti-forgery check, and XSS, because those parameters are written back into the page unescaped. The missing CSRF token on state-changing requests and the missing output encoding for user-controlled parameters such as 'time' and 'description' are what directly enable the attacks. No specific Java methods are named in the advisories, but the JSP's parameter-handling logic is the vulnerable component.
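The following is an added example, not Tomcat's cal2.jsp or any code from the Tomcat project. It shows the two controls whose absence the analysis above describes, applied to a hypothetical event-creation handler with the same 'time' and 'description' parameters: HTML-escaping every user-supplied value before it is rendered, and requiring a per-session synchronizer token on the state-changing request. The class name, method names and the map-based session and parameter containers are assumptions chosen to keep the example self-contained; a real JSP or servlet would use HttpSession and HttpServletRequest instead.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/**
 * Illustrative hardening (hypothetical, not Tomcat's cal2.jsp) for the
 * two defects described in the root cause analysis: reflected parameters
 * are HTML-escaped, and event creation requires a valid CSRF token.
 */
public final class CalendarHardening {

    // Minimal HTML escaping for text placed in an HTML body or quoted attribute.
    public static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Issue one random token per session; the HTML form embeds it in a hidden field.
    public static String issueToken(Map<String, Object> session) {
        Object existing = session.get("csrfToken");
        if (existing instanceof String) return (String) existing;
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put("csrfToken", token);
        return token;
    }

    // Constant-time comparison of the submitted token against the session copy.
    public static boolean tokenValid(Map<String, Object> session, String submitted) {
        Object expected = session.get("csrfToken");
        if (!(expected instanceof String) || submitted == null) return false;
        return MessageDigest.isEqual(
                ((String) expected).getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    // Hypothetical event-creation handler: refuses requests without a valid token
    // and renders only the escaped form of the user-supplied fields.
    public static String handleAddEvent(Map<String, Object> session,
                                        Map<String, String> params) {
        if (!tokenValid(session, params.get("csrfToken"))) {
            return "403 Forbidden: missing or invalid CSRF token";
        }
        String time = params.getOrDefault("time", "");
        String description = params.getOrDefault("description", "");
        // ... the event would be persisted here ...
        return "<li>" + escapeHtml(time) + ": " + escapeHtml(description) + "</li>";
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();
        String token = issueToken(session);

        // Constructed request carrying markup in the description field but no token.
        Map<String, String> noToken = new HashMap<>();
        noToken.put("time", "8am");
        noToken.put("description", "<script>alert(1)</script>");
        System.out.println(handleAddEvent(session, noToken));   // refused by the token check

        // Same request with the session's token: accepted, markup rendered inert.
        Map<String, String> withToken = new HashMap<>(noToken);
        withToken.put("csrfToken", token);
        System.out.println(handleAddEvent(session, withToken));
    }
}
```

The token check runs before any parameter is read, so a cross-site form post that cannot read the victim's session token is rejected regardless of its contents, and the escaping step means that even an authenticated user's own input is rendered as text rather than interpreted as markup.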