Description

This alert was generated using only banner information. It may be a false positive.

Fixed in Apache Tomcat 6.0.18:
  • low: Cross-site scripting CVE-2008-1232
    The message argument of HttpServletResponse.sendError() call is not only displayed on the error page, but is also used for the reason-phrase of HTTP response. This may include characters that are illegal in HTTP headers. It is possible for a specially crafted message to result in arbitrary content being injected into the HTTP response. For a successful XSS attack, unfiltered user supplied data must be included in the message argument.
  • low: Cross-site scripting CVE-2008-1947
    The Host Manager web application did not escape user provided data before including it in the output. This enabled a XSS attack. This application now filters the data before use. This issue may be mitigated by logging out (closing the browser) of the application once the management tasks have been completed.
  • important: Information disclosure CVE-2008-2370
    When using a RequestDispatcher the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it in under the WEB-INF directory.

Affected Apache Tomcat version (6.0.0 - 6.0.16).

Remediation

Upgrade Apache Tomcat to the latest version.

References

Apache Tomcat 6.x vulnerabilities

Related Vulnerabilities

WordPress Plugin WP Vault Local File Inclusion (0.8.6.6)

WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0)

WordPress Plugin Bitcoin/Altcoin Faucet Cross-Site Request Forgery (1.6.0)

WordPress Plugin Captcha by BestWebSoft SQL Injection (4.1.7)

WordPress Plugin Simple File List Arbitrary File Download (3.2.7)

Severity

Medium

Classification

CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update XSS