CVE-2007-4724

Published: Sep 5, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.

Affected (1)

Products: Apache: Tomcat

Apache

1 product

Tomcat

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Tomcat	Version 4.1.31

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

http://archives.neohapsis.com/archives/bugtraq/2007-09/0040.html

Source: cve@mitre.org

http://osvdb.org/41029

Source: cve@mitre.org

http://securityreason.com/securityalert/3094

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/478491/100/0/threaded

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2007-09/0040.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/41029

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/3094

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/478491/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.