Apache Tiles Multiple XSS Vulnerability Network Vulnerability

Summary

This host has Apache Tiles installed and is prone to Cross-Site Script Vulnerability

Impact

Successful exploitation will let the attacker access the server context inside the tiles web application and perform XSS attacks. Impact Level: System/Application

Solution

Upgrade your Apache Tiles version to 2.1.2 http://tiles.apache.org/download.html

Insight

This flaw is due to attribute values or templates are defined using some JSP tags 'tiles:putAttribute', 'tiles:insertTemplate' are evaluated twice.

Affected

Apache Tiles version 2.1 to 2.1.1

References

http://svn.apache.org/viewvc/tiles/framework/trunk/src/site/apt/security/security-bulletin-1.apt?revision=741913
https://issues.apache.org/struts/browse/TILES-351

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1275
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
Apache CouchDB Cross Site Request Forgery Vulnerability
Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
Adobe JRun Management Console Multiple Vulnerabilities
AMSI 'file' Parameter Directory Traversal Vulnerability

Take action and discover your vulnerabilities