Description
This alert was generated using only banner information. It may be a false positive.
Fixed in Apache Tomcat 5.5.25:
-
low: Cross-site scripting CVE-2007-2449
JSPs within the examples web application did not escape user provided data before including it in the output. This enabled a XSS attack. These JSPs now filter the data before use. This issue may be mitigated by undeploying the examples web application. Note that it is recommended that the examples web application is not installed on a production system. -
low: Cross-site scripting CVE-2007-2450
The Manager and Host Manager web applications did not escape user provided data before including it in the output. This enabled a XSS attack. These applications now filter the data before use. This issue may be mitigated by logging out (closing the browser) of the application once the management tasks have been completed. -
low: Session hi-jacking CVE-2007-3382
Tomcat incorrectly treated a single quote character (') in a cookie value as a delimiter. In some circumstances this lead to the leaking of information such as session ID to an attacker. -
low: Session hi-jacking CVE-2007-3385
Tomcat incorrectly handled the character sequence \" in a cookie value. In some circumstances this lead to the leaking of information such as session ID to an attacker. -
low: Cross-site scripting CVE-2007-3386
The Host Manager Servlet did not filter user supplied data before display. This enabled an XSS attack.
Affected Apache Tomcat version (5.5.0 - 5.5.24).
Remediation
Upgrade Apache Tomcat to the latest version.