Apache Tomcat Hello.jsp XSS

Description

The file hello.jsp contains multiple cross-site scripting (XSS) vulnerabilities. This file is part of the Apache Tomcat documentation files, which were installed during the Tomcat installation.

Impact
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to trick a user into disclosing data. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

Recommendation
Remove Apache Tomcat documentation files from the server.

References
CVE-2007-1355: Tomcat documentation XSS vulnerabilities
Apache Tomcat Security