Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities

Summary
This host is running the Apache Tomcat web server, which is prone to cross-site scripting and security bypass vulnerabilities.
Impact
Successful exploitation could allow an attacker to execute arbitrary HTML and script code in the browser of a user of the affected application, or to read resources that would otherwise be protected (for example content under WEB-INF or behind a security constraint). Impact Level: Application.
Solution
Upgrade to Apache Tomcat 4.1.38, 5.5.27, 6.0.18 or a later release of the respective series. http://tomcat.apache.org/
Insight
The flaws are due to:
- an input validation error in HttpServletResponse.sendError(): the message passed to it is not sanitised before being returned to the client in the HTTP Reason-Phrase, so a web application that places user-supplied data in that message reflects it unescaped into the response.
- incorrect ordering in RequestDispatcher path handling: Tomcat normalises the target path before removing the query string, so '..' segments placed in a request parameter that the application appends to the dispatcher target are applied to the path and can redirect the forward or include to a resource that should not be reachable.
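The two behaviours above, modelled in Python as an added example (this is not Tomcat source and not part of the advisory). normalize() is a simplified stand-in for the container's dot-segment removal, resolve_vulnerable()/resolve_fixed() differ only in whether the query string is removed before or after normalisation, and reason_phrase_reflects() is a check a scanner would run on a captured response to see whether a probe string came back verbatim in the status line. All sample inputs and responses are constructed here.

```python
"""Model of the Tomcat RequestDispatcher normalisation-order flaw and a
status-line check for Reason-Phrase reflection. Added example, not Tomcat
code; the normalisation routine is an assumption about how the container
collapses dot segments, kept deliberately simple."""


def normalize(path: str) -> str:
    """Collapse '.' and '..' segments. '?' is NOT special here, which is
    exactly why normalising before stripping the query string is unsafe:
    a '..' inside the query part is applied to the path."""
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    return "/" + "/".join(out)


def strip_query(path: str) -> str:
    """Drop the query string (everything from the first '?')."""
    return path.split("?", 1)[0]


def resolve_vulnerable(target: str) -> str:
    """Affected order: normalise first, then remove the query string."""
    return strip_query(normalize(target))


def resolve_fixed(target: str) -> str:
    """Fixed order: remove the query string first, then normalise."""
    return normalize(strip_query(target))


def is_protected(resolved: str) -> bool:
    """Paths a servlet container must never serve to a client directly."""
    upper = resolved.upper()
    return upper.startswith("/WEB-INF/") or upper.startswith("/META-INF/")


def reason_phrase(status_line: bytes) -> str:
    """Reason-Phrase of an HTTP/1.x status line ('HTTP/1.1 404 <text>')."""
    parts = status_line.rstrip(b"\r\n").split(b" ", 2)
    return parts[2].decode("iso-8859-1") if len(parts) == 3 else ""


def reason_phrase_reflects(response: bytes, probe: str) -> bool:
    """True if the probe sent in the request is echoed unescaped in the
    Reason-Phrase of the response (the sendError() reflection)."""
    first_line = response.split(b"\r\n", 1)[0]
    return probe in reason_phrase(first_line)


# Constructed sample: an application does
#   getRequestDispatcher("/page.jsp?param=" + userInput).forward(...)
# and the attacker supplies '/../WEB-INF/web.xml' as userInput.
CRAFTED_TARGET = "/page.jsp?param=/../WEB-INF/web.xml"

# Constructed sample responses; not captured from a real server.
SAMPLE_VULNERABLE_RESPONSE = (
    b"HTTP/1.1 404 File not found: /<script>alert(1)</script>\r\n"
    b"Content-Length: 0\r\n\r\n"
)
SAMPLE_FIXED_RESPONSE = b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    print("vulnerable order ->", resolve_vulnerable(CRAFTED_TARGET))
    print("fixed order      ->", resolve_fixed(CRAFTED_TARGET))
    print("reflects probe   ->",
          reason_phrase_reflects(SAMPLE_VULNERABLE_RESPONSE, "<script>"))
```

Note that the ordering fix only protects against '..' hidden in the query string; if the application lets the attacker put '..' in the path part of the dispatcher target, both orders resolve to the protected resource, and that is an application bug rather than a container one. The is_protected() check is the guard an application should apply to any dispatcher target built from request data.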
Affected
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 on all platforms.
References