Apache · Apache Tomcat · CVE-2007-4724
Name of the Vulnerable Software and Affected Versions:
Apache Tomcat version 4.1.31
Description:
A cross-site request forgery issue exists in the calendar examples application, specifically in cal2.jsp. This allows remote attackers to add events as arbitrary users by manipulating the `time` and `description` parameters.
Recommendations:
As a temporary workaround for Apache Tomcat version 4.1.31, consider restricting access to the cal2.jsp page in the calendar examples application until a patch is available. Avoid using the `time` and `description` parameters on the affected page until the issue is resolved.