Mailing List Archive: Bugtraq: Bugtraq

[CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples

Index | Next | Previous | View Threaded

markt at apache

Jun 13, 2007, 7:24 PM

Post #1 of 2 (1569 views)
Permalink

[CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2007-2449: Apache Tomcat XSS vulnerabilities in the JSP examples

Severity: low (cross-site scripting)

Vendor:
The Apache Software Foundation

Versions Affected:
Tomcat 4.0.0 to 4.0.6
Tomcat 4.1.0 to 4.1.36
Tomcat 5.0.0 to 5.0.30
Tomcat 5.5.0 to 5.5.24
Tomcat 6.0.0 to 6.0.13

Description:
The JSP examples web application displays does not escape some user
provided data before including it in the output. This enables a XSS
attack.

Mitigation:
1. Undeploy the examples web application(s).

Example:
http://host:port/jsp-examples/snp/snoop.jsp;<script>alert()</script>test.jsp

Credit:
These issues were discovered by an unknown security researcher and
reported to JPCERT.

References:
http://tomcat.apache.org/security.html

Mark Thomas

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGcKbJb7IeiTPGAkMRAi9BAKDsuoomGh2n9BYl7mT/tGEjQ+HIlQCdHjnU
zdreMwViLR/bDBnys5YkhPk=
=SK7+
-----END PGP SIGNATURE-----

linlei99 at hotmail

Jan 16, 2008, 2:40 PM

Post #2 of 2 (1438 views)
Permalink

Re: [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples [In reply to]

Hello, I inputed the example string from IE and Firefox, but it doesn't work. The Tomcat version is 5.5.23.

It just displayed what I typed.

...
Request URI: /jsp-examples/snp/snoop.jsp;%3Cscript%3Ealert()%3C/script%3Etest.jsp
...

Can anybody help me?

Thanks a lot.

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com