Summary
This host is running the Apache Tomcat web server, which is prone to cross-site scripting and security bypass vulnerabilities.
Impact
Successful exploitation could allow execution of arbitrary HTML and script code in a victim's browser, and information disclosure.
Impact Level: Application.
Solution
Upgrade to a higher version in the 4.x, 5.x, or 6.x series.
http://tomcat.apache.org/
Insight
The flaws are due to:
- an input validation error in the method HttpServletResponse.sendError(), whose message argument is not properly sanitised before being returned to the user in the HTTP Reason-Phrase;
- the application failing to normalize the target path before removing the query string when using a RequestDispatcher.
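The first flaw above matters to application developers as well as to administrators: any request-controlled text that an application passes into sendError() reaches the Reason-Phrase and error body, and on the affected Tomcat versions the container does not escape it. The following servlet is an added illustration written for this page, not Tomcat's own code or patch; the sanitizeForError helper is hypothetical and shows the application-side defence of escaping the message before it ever reaches the container, so the application does not depend on container behaviour for safety.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added illustration, not Tomcat's own code. The pattern from the Insight
// above: request-controlled text is passed straight into sendError(), and an
// unpatched Tomcat echoes it unescaped into the HTTP Reason-Phrase and body.
public class SendErrorDemoServlet extends HttpServlet {

    // Hypothetical helper (not a servlet API call): HTML-escape the five
    // significant characters and strip CR/LF and other control characters,
    // which must never appear inside a status line.
    static String sanitizeForError(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                case '\r':
                case '\n': break;                 // line breaks: header-injection guard
                default:
                    if (c < 0x20) {
                        break;                    // drop remaining control characters
                    }
                    out.append(c);
            }
        }
        return out.toString();
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String item = req.getParameter("item"); // attacker-controlled input

        // Vulnerable form (relies on the container to escape the message):
        //   resp.sendError(HttpServletResponse.SC_NOT_FOUND, "No such item: " + item);

        // Hardened form: escape before the message reaches the container, so the
        // response is safe regardless of the Tomcat version in use.
        resp.sendError(HttpServletResponse.SC_NOT_FOUND,
                "No such item: " + sanitizeForError(item));
    }
}
```

Escaping at the application layer is a defence in depth, not a substitute for the upgrade in the Solution section: the container is still the component that writes the status line, and other code paths (error pages, default servlets) are only fixed by moving to a patched release.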
Affected
Apache Tomcat 4.1.0 - 4.1.37, 5.5.0 - 5.5.26, and 6.0.0 - 6.0.16 on All Platforms.
References
Updated on 2015-03-25
Severity
Classification
-
CVE: CVE-2008-1232, CVE-2008-2370
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N