Description
Fixed in Apache Tomcat 6.0.11:
-
moderate: Cross-site scripting CVE-2007-1355
The JSP and Servlet included in the sample application within the Tomcat documentation webapp did not escape user provided data before including it in the output. This enabled a XSS attack. These pages have been simplified not to use any user provided data in the output. -
important: Information disclosure CVE-2005-2090
Requests with multiple content-length headers should be rejected as invalid. When multiple components (firewalls, caches, proxies and Tomcat) process a sequence of requests where one or more requests contain multiple content-length headers and several components do not reject the request and make different decisions as to which content-length leader to use an attacker can poision a web-cache, perform an XSS attack and obtain senstive information from requests other then their own. Tomcat now returns 400 for requests with multiple content-length headers.
Affected Apache Tomcat version (6.0.0 - 6.0.10).
Remediation
Upgrade Apache Tomcat to the latest version.
References
Related Vulnerabilities
WordPress Plugin WP TripAdvisor Review Slider SQL Injection (12.6)
WordPress Plugin Like Dislike Counter SQL Injection (1.2.3)
WordPress Plugin BetterOptin Cross-Site Scripting (2.0.2)
WordPress Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2022-3590)
WordPress Plugin All-in-One Event Calendar Cross-Site Scripting (2.5.38)