VulnerableCode Vulnerability Details - VCID-g5zu-bvtd-vua4

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-g5zu-bvtd-vua4

Essentials
Severities (19)
References (6)
Severity details (5)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-g5zu-bvtd-vua4
Aliases	CVE-2007-4724 GHSA-g77g-vjjm-x83j
Summary	Cross-Site Request Forgery (CSRF) Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-352	Cross-Site Request Forgery (CSRF)
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00682	https://api.first.org/data/v1/epss?cve=CVE-2007-4724
epss	0.00682	https://api.first.org/data/v1/epss?cve=CVE-2007-4724
epss	0.00682	https://api.first.org/data/v1/epss?cve=CVE-2007-4724
epss	0.00682	https://api.first.org/data/v1/epss?cve=CVE-2007-4724
epss	0.00682	https://api.first.org/data/v1/epss?cve=CVE-2007-4724
epss	0.00682	https://api.first.org/data/v1/epss?cve=CVE-2007-4724
epss	0.00682	https://api.first.org/data/v1/epss?cve=CVE-2007-4724
epss	0.00682	https://api.first.org/data/v1/epss?cve=CVE-2007-4724
epss	0.00682	https://api.first.org/data/v1/epss?cve=CVE-2007-4724
epss	0.00682	https://api.first.org/data/v1/epss?cve=CVE-2007-4724
epss	0.00682	https://api.first.org/data/v1/epss?cve=CVE-2007-4724
epss	0.00778	https://api.first.org/data/v1/epss?cve=CVE-2007-4724
epss	0.00778	https://api.first.org/data/v1/epss?cve=CVE-2007-4724
epss	0.00778	https://api.first.org/data/v1/epss?cve=CVE-2007-4724
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-g77g-vjjm-x83j
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2007-4724
generic_textual	MODERATE	https://web.archive.org/web/20070911063436/http://securityreason.com/securityalert/3094
generic_textual	MODERATE	https://web.archive.org/web/20081006123851/http://archives.neohapsis.com/archives/bugtraq/2007-09/0040.html
generic_textual	MODERATE	https://web.archive.org/web/20200526022330/http://www.securityfocus.com/archive/1/478491/100/0/threaded

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2007-4724
		https://web.archive.org/web/20070911063436/http://securityreason.com/securityalert/3094
		https://web.archive.org/web/20081006123851/http://archives.neohapsis.com/archives/bugtraq/2007-09/0040.html
		https://web.archive.org/web/20200526022330/http://www.securityfocus.com/archive/1/478491/100/0/threaded
CVE-2007-4724		https://nvd.nist.gov/vuln/detail/CVE-2007-4724
GHSA-g77g-vjjm-x83j		https://github.com/advisories/GHSA-g77g-vjjm-x83j

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.71567
EPSS Score	0.00682
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:49:58.285720+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2007-4724.yml	38.0.0