Description

Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.

Remediation

References

CVE-2007-4724

Related Vulnerabilities

PostgreSQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-0063)

easyXDM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-1403)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2146)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-4850)

Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-39112)

Severity

Medium

Classification

CVE-2007-4724 CWE-352

Tags

Missing Update Known Vulnerabilities