Apache Tomcat Hello.jsp XSS


The file hello.jsp contains multiple cross-site scripting (XSS) vulnerabilities. This file is part of the Apache Tomcat documentation files that were installed with Tomcat.

Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to deceive a user and gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

Remove Apache Tomcat documentation files from the server.
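
One way to confirm the removal took effect, as an added example that is not part of the original advisory: the functions below search a Tomcat webapps directory for remaining copies of hello.jsp and name the webapp each copy sits in. The directory passed in and the function names are assumptions; substitute the webapps path of your own deployment.

```shell
#!/bin/sh
# Added example: audit a Tomcat webapps directory for leftover hello.jsp files.
# The directory argument is an assumption; pass your deployment's webapps path.

# Print every hello.jsp found under the given directory, one path per line.
# Returns 0 when none remain, 1 when at least one is found,
# 2 when the argument is not a directory.
find_hello_jsp() {
    webapps_dir=${1%/}
    if [ ! -d "$webapps_dir" ]; then
        echo "not a directory: $webapps_dir" >&2
        return 2
    fi
    hits=$(find "$webapps_dir" -type f -name 'hello.jsp' 2>/dev/null)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Print the distinct top-level entries under the webapps directory that still
# contain hello.jsp, so the operator knows which webapp to remove.
affected_webapps() {
    webapps_dir=${1%/}
    find_hello_jsp "$webapps_dir" | while IFS= read -r path; do
        rel=${path#"$webapps_dir"/}      # path relative to the webapps root
        printf '%s\n' "${rel%%/*}"       # first component = webapp directory
    done | sort -u
}

# Usage: affected_webapps /path/to/tomcat/webapps
```

Empty output from affected_webapps together with a zero return from find_hello_jsp means no copy of the file remains under that directory.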

CVE-2007-1355: Tomcat documentation XSS vulnerabilities
Apache Tomcat Security