Description

This alert was generated using only banner information. It may be a false positive.

Fixed in Apache Tomcat 5.5.25:
  • low: Cross-site scripting CVE-2007-2449
    JSPs within the examples web application did not escape user provided data before including it in the output. This enabled a XSS attack. These JSPs now filter the data before use. This issue may be mitigated by undeploying the examples web application. Note that it is recommended that the examples web application is not installed on a production system.
  • low: Cross-site scripting CVE-2007-2450
    The Manager and Host Manager web applications did not escape user provided data before including it in the output. This enabled a XSS attack. These applications now filter the data before use. This issue may be mitigated by logging out (closing the browser) of the application once the management tasks have been completed.
  • low: Session hi-jacking CVE-2007-3382
    Tomcat incorrectly treated a single quote character (') in a cookie value as a delimiter. In some circumstances this lead to the leaking of information such as session ID to an attacker.
  • low: Session hi-jacking CVE-2007-3385
    Tomcat incorrectly handled the character sequence \" in a cookie value. In some circumstances this lead to the leaking of information such as session ID to an attacker.
  • low: Cross-site scripting CVE-2007-3386
    The Host Manager Servlet did not filter user supplied data before display. This enabled an XSS attack.

Affected Apache Tomcat version (5.5.0 - 5.5.24).

Remediation

Upgrade Apache Tomcat to the latest version.

References

Related Vulnerabilities