Apache Tiles Multiple XSS Vulnerability Network Vulnerability

Summary

This host has Apache Tiles installed and is prone to Cross-Site Script Vulnerability

Impact

Successful exploitation will let the attacker access the server context inside the tiles web application and perform XSS attacks. Impact Level: System/Application

Solution

Upgrade your Apache Tiles version to 2.1.2 http://tiles.apache.org/download.html

Insight

This flaw is due to attribute values or templates are defined using some JSP tags 'tiles:putAttribute', 'tiles:insertTemplate' are evaluated twice.

Affected

Apache Tiles version 2.1 to 2.1.1

References

http://svn.apache.org/viewvc/tiles/framework/trunk/src/site/apt/security/security-bulletin-1.apt?revision=741913
https://issues.apache.org/struts/browse/TILES-351

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1275

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Tomcat SecurityConstraints Security Bypass Vulnerability
Apache Struts Directory Traversal Vulnerability
Apache CouchDB Cross Site Request Forgery Vulnerability
Apache Archiva Home Page Cross-Site Scripting vulnerability
Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities