Description

This alert was generated using only banner information. It may be a false positive.

Fixed in Apache Tomcat 6.0.11:
  • moderate: Cross-site scripting CVE-2007-1355
    The JSP and Servlet included in the sample application within the Tomcat documentation webapp did not escape user provided data before including it in the output. This enabled a XSS attack. These pages have been simplified not to use any user provided data in the output.
  • important: Information disclosure CVE-2005-2090
    Requests with multiple content-length headers should be rejected as invalid. When multiple components (firewalls, caches, proxies and Tomcat) process a sequence of requests where one or more requests contain multiple content-length headers and several components do not reject the request and make different decisions as to which content-length leader to use an attacker can poision a web-cache, perform an XSS attack and obtain senstive information from requests other then their own. Tomcat now returns 400 for requests with multiple content-length headers.

Affected Apache Tomcat version (6.0.0 - 6.0.10).

Remediation

Upgrade Apache Tomcat to the latest version.

References

Apache Tomcat 6.x vulnerabilities

Related Vulnerabilities

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.3)

Lighttpd Other Vulnerability (CVE-2007-3947)

Oracle Database Server CVE-2017-10282 Vulnerability (CVE-2017-10282)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1893)

WordPress Plugin Booking Ultra Pro Appointments Booking Calendar Multiple Cross-Site Request Forgery Vulnerabilities (1.1.4)

Severity

Medium

Classification

CVE-2005-2090 CVE-2007-1355 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Missing Update XSS