Summary
This host is running Apache Tomcat and is prone to Cross Site Scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to inject arbitrary HTML codes in the context of the affected web application.
Impact Level: Application
Solution
Update your cal2.jsp through SVN.
Revision numbers are 750924 or 750928.
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-4.html
Insight
The issue is due to input validation error in time parameter in 'jsp/cal/cal2.jsp' file in calendar application.
Affected
Apache Tomcat version 4.1.0 to 4.1.39, 5.5.0 to 5.5.27 and 6.0.0 to 6.0.18
References
Severity
Classification
-
CVE CVE-2009-0781 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
- 123 Flash Chat Multiple Security Vulnerabilities
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities