Summary
This host is running Apache Tomcat and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to inject arbitrary HTML code in the context of the affected web application.
Impact Level: Application
Solution
Update your cal2.jsp through SVN.
Revision numbers are 750924 or 750928.
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-4.html
Insight
The issue is due to an input validation error in the 'time' parameter of the 'jsp/cal/cal2.jsp' file in the calendar application.
Affected
Apache Tomcat versions 4.1.0 to 4.1.39, 5.5.0 to 5.5.27 and 6.0.0 to 6.0.18
Severity
Classification
- CVE: CVE-2009-0781
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N