Intrusion Prevention

Apache.Tomcat.JSP.Examples.XSS

Description

Certain JSP files in the examples web application shipped with Apache Tomcat contain multiple cross-site scripting vulnerabilities. Remote attackers can exploit them to inject arbitrary web script or HTML via the portion of the URI after the ';' character.
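The following added example (not part of the original advisory or of any vendor signature) shows one way to review access logs for such requests: it flags requests to examples JSPs whose path parameters, the text after ';', decode to markup characters. The `/examples` context path, the `sample.jsp` file name and the log lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Assumption: the examples web application sits at Tomcat's default /examples context.
EXAMPLES_PREFIX = "/examples/"
# Markup characters that a legitimate path parameter (e.g. ;jsessionid=...) never needs.
MARKUP_CHARS = re.compile(r"[<>\"']")
# Request line inside a Common Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(target):
    """True if an examples JSP request carries markup after ';' in its path."""
    path = target.split("?", 1)[0]          # the query string is out of scope here
    base, _, params = path.partition(";")   # params = portion of the URI after ';'
    base = fully_decode(base)
    if not (base.startswith(EXAMPLES_PREFIX) and base.endswith(".jsp")):
        return False
    return bool(MARKUP_CHARS.search(fully_decode(params)))

def scan(lines):
    """Return the request targets from log lines that match the check."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and is_suspicious(match.group(1)):
            hits.append(match.group(1))
    return hits

# Constructed log lines (documentation IP range, harmless <b> markup only).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /examples/jsp/sample.jsp;jsessionid=0A1B2C3D HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /examples/jsp/sample.jsp;%3Cb%3Etest%3C/b%3E HTTP/1.1" 200 530',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /examples/jsp/sample.jsp;%253Cb%253Etest HTTP/1.1" 200 530',
    '192.0.2.12 - - [01/Jan/2024:10:00:12 +0000] "GET /app/index.jsp;%3Cb%3E HTTP/1.1" 404 120',
    '192.0.2.13 - - [01/Jan/2024:10:00:15 +0000] "GET /examples/jsp/sample.jsp?q=%3Cb%3E HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for target in scan(SAMPLE_LOG):
        print("suspicious:", target)
```

An ordinary `;jsessionid=` parameter passes the check, and the repeated decoding catches double-encoded markup that a single pass would miss.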

Affected Products

Tomcat 4.0.0 to 4.0.6
Tomcat 4.1.0 to 4.1.36
Tomcat 5.0.0 to 5.0.30
Tomcat 5.5.0 to 5.5.24
Tomcat 6.0.0 to 6.0.13

Impact

Cross Site Scripting.

Recommended Actions

We are not aware of any officially released patch for this issue.

CVE References

CVE-2007-2449