| VID |
22111 |
| Severity |
30 |
| Port |
8080 |
| Protocol |
TCP |
| Class |
Servlet |
| Detailed Description |
Apache Tomcat is vulnerable to XSS attacks by issuing requests to the /servlet/ mapping. The Apache Tomcat Servlet Server has a couple of Cross Site Scripting vulnerabilities. Apache Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. By using the /servlet/ mapping to invoke various servlets / classes, it is possible to cause Tomcat to throw an exception, allowing Cross Site Scripting (XSS) attacks, e.g.:
tomcat-server/servlet/org.apache.catalina.servlets.WebdavStatus/SCRIPTalert(document.domain)/SCRIPT
tomcat-server/servlet/org.apache.catalina.ContainerServlet/SCRIPTalert(document.domain)/SCRIPT
tomcat-server/servlet/org.apache.catalina.Context/SCRIPTalert(document.domain)/SCRIPT
tomcat-server/servlet/org.apache.catalina.Globals/SCRIPTalert(document.domain)/SCRIPT
(angle brackets omitted)
References:
* http://tomcat.apache.org/security-4.html
* http://www.securiteam.com/windowsntfocus/5KP0L007FI.html

Platforms Affected:
* Apache Tomcat v4.0.3
* Windows NT/2000
* Linux |
| Recommendation |
The 'invoker' servlet (mapped to /servlet/), which executes anonymous servlet classes that have not been defined in a web.xml file, should be unmapped.
The entry for this can be found in the /tomcat-install-dir/conf/web.xml file. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
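To confirm that the recommendation has been applied, the following Python check (an added example, not part of the original advisory or of Tomcat) parses the contents of a web.xml file and lists any URL patterns still mapped to the invoker servlet. It assumes the invoker is identified by the servlet name `invoker` or the class `org.apache.catalina.servlets.InvokerServlet`; the sample XML is constructed for illustration.

```python
import xml.etree.ElementTree as ET

INVOKER_CLASS = "org.apache.catalina.servlets.InvokerServlet"

def _local(tag):
    """Strip any XML namespace so DTD-based and schema-based web.xml both work."""
    return tag.rsplit("}", 1)[-1]

def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]

def _text(elem, name):
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else ""

def invoker_mappings(web_xml_text):
    """Return the URL patterns still mapped to the invoker servlet."""
    # XML comments are dropped by the parser, so a commented-out
    # (unmapped) <servlet-mapping> contributes nothing to the result.
    root = ET.fromstring(web_xml_text)
    # Servlet names that resolve to the invoker class, plus the usual name.
    names = {"invoker"}
    for servlet in _children(root, "servlet"):
        if _text(servlet, "servlet-class") == INVOKER_CLASS:
            names.add(_text(servlet, "servlet-name"))
    return [
        _text(m, "url-pattern")
        for m in _children(root, "servlet-mapping")
        if _text(m, "servlet-name") in names
    ]

# Constructed sample input, not copied from a real installation.
MAPPED = """<web-app>
  <servlet>
    <servlet-name>invoker</servlet-name>
    <servlet-class>org.apache.catalina.servlets.InvokerServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>invoker</servlet-name>
    <url-pattern>/servlet/*</url-pattern>
  </servlet-mapping>
</web-app>"""

# Same file with the mapping commented out, as the recommendation asks.
UNMAPPED = MAPPED.replace("<servlet-mapping>", "<!-- <servlet-mapping>").replace(
    "</servlet-mapping>", "</servlet-mapping> -->")

if __name__ == "__main__":
    print("mapped:", invoker_mappings(MAPPED))
    print("unmapped:", invoker_mappings(UNMAPPED))
```

An empty list means no invoker mapping remains in that file; per-application web.xml files can be checked the same way.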