Description

This alert was generated using only banner information. It may be a false positive.

Fixed in Apache Tomcat 4.1.37:
  • important: Information disclosure CVE-2005-3164
    If a client specifies a Content-Length but disconnects before sending any of the request body, the deprecated AJP connector processes the request using the request body of the previous request. Users are advised to use the default, supported Coyote AJP connector which does not exhibit this issue.
  • moderate: Cross-site scripting CVE-2007-1355
    The JSP and Servlet included in the sample application within the Tomcat documentation webapp did not escape user provided data before including it in the output. This enabled a XSS attack. These pages have been simplified not to use any user provided data in the output.
  • low: Cross-site scripting CVE-2007-2449
    JSPs within the examples web application did not escape user provided data before including it in the output. This enabled a XSS attack. These JSPs now filter the data before use. This issue may be mitigated by undeploying the examples web application. Note that it is recommended that the examples web application is not installed on a production system.
  • low: Cross-site scripting CVE-2007-2450
    The Manager web application did not escape user provided data before including it in the output. This enabled a XSS attack. This applciation now filters the data before use. This issue may be mitigated by logging out (closing the browser) of the application once the management tasks have been completed.
  • low: Session hi-jacking CVE-2007-3382
    Tomcat incorrectly treated a single quote character (') in a cookie value as a delimiter. In some circumstances this lead to the leaking of information such as session ID to an attacker.
  • low: Cross-site scripting CVE-2007-3383
    When reporting error messages, the SendMailServlet (part of the examples web application) did not escape user provided data before including it in the output. This enabled a XSS attack. This Servlet now filters the data before use. This issue may be mitigated by undeploying the examples web application. Note that it is recommended that the examples web application is not installed on a production system.
  • low: Session hi-jacking CVE-2007-3385
    Tomcat incorrectly handled the character sequence \" in a cookie value. In some circumstances this lead to the leaking of information such as session ID to an attacker.
  • low: Session hi-jacking CVE-2007-5333
    The previous fix for CVE-2007-3385 was incomplete. It did not consider the use of quotes or %5C within a cookie value.
  • low: Information disclosure CVE-2007-5461
    When Tomcat's WebDAV servlet is configured for use with a context and has been enabled for write, some WebDAV requests that specify an entity with a SYSTEM tag can result in the contents of arbitary files being returned to the client.

Affected Apache Tomcat version (4.1.0 - 4.1.36).

Remediation

Upgrade Apache Tomcat to the latest version.

References

Related Vulnerabilities