Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.111014
Category:Web application abuses
Title:Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
Summary:This host is running Apache Tomcat and is prone to Cross Site Scripting; vulnerability.
Description:Summary:
This host is running Apache Tomcat and is prone to Cross Site Scripting
vulnerability.

Vulnerability Impact:
Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users
in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

Affected Software/OS:
Apache Tomcat version 4.0.1 to 4.0.6, 4.1.0 to 4.1.36, 5.0.0 to 5.0.30, 5.5.0 to 5.5.23 and 6.0.0 to 6.0.10

Solution:
Update your Apache Tomcat to a non-affected version.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: BugTraq ID: 24476
Common Vulnerability Exposure (CVE) ID: CVE-2007-1355
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
BugTraq ID: 24058
http://www.securityfocus.com/bid/24058
Bugtraq: 20070519 [CVE-2007-1355] Tomcat documentation XSS vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/469067/100/0/threaded
Bugtraq: 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/500396/100/0/threaded
Bugtraq: 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) (Google Search)
http://www.securityfocus.com/archive/1/500412/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
HPdes Security Advisory: HPSBUX02262
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
HPdes Security Advisory: SSRT071447
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
http://osvdb.org/34875
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6111
http://www.redhat.com/support/errata/RHSA-2008-0261.html
RedHat Security Advisories: RHSA-2008:0630
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://secunia.com/advisories/27037
http://secunia.com/advisories/27727
http://secunia.com/advisories/30802
http://secunia.com/advisories/30899
http://secunia.com/advisories/30908
http://secunia.com/advisories/31493
http://secunia.com/advisories/33668
http://securityreason.com/securityalert/2722
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2008/1979/references
http://www.vupen.com/english/advisories/2008/1981/references
http://www.vupen.com/english/advisories/2009/0233
XForce ISS Database: tomcat-hello-xss(34377)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34377
CopyrightCopyright (C) 2015 SCHUTZWERK GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.