CVE-2007-4724

high

Description

Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.

References

http://www.securityfocus.com/archive/1/478491/100/0/threaded

http://securityreason.com/securityalert/3094

http://osvdb.org/41029

http://archives.neohapsis.com/archives/bugtraq/2007-09/0040.html

Details

Source: Mitre, NVD

Published: 2007-09-05

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00682