Apache Tomcat version older than 6.0.11

Description
  • <div class="bb-coolbox"><span class="bb-dark">This alert was generated using only banner information. It may be a false positive. </span></div><br/><strong>Fixed in Apache Tomcat 6.0.11:</strong><br/><ul> <li> <strong>moderate</strong>: Cross-site scripting CVE-2007-1355<br/> The JSP and Servlet included in the sample application within the Tomcat documentation webapp did not escape user provided data before including it in the output. This enabled a XSS attack. These pages have been simplified not to use any user provided data in the output. </li> <li> <strong>important</strong>: Information disclosure CVE-2005-2090<br/> Requests with multiple content-length headers should be rejected as invalid. When multiple components (firewalls, caches, proxies and Tomcat) process a sequence of requests where one or more requests contain multiple content-length headers and several components do not reject the request and make different decisions as to which content-length leader to use an attacker can poision a web-cache, perform an XSS attack and obtain senstive information from requests other then their own. Tomcat now returns 400 for requests with multiple content-length headers. </li> </ul><br/> <span class="bb-navy">Affected Apache Tomcat version (6.0.0 - 6.0.10).</span><br/>
Remediation
  • Upgrade Apache Tomcat to the latest version.
References