Apache.Tomcat.Sendmail.Examples.XSS
Description
When reporting error messages, the SendMailServlet in Apache Tomcat does not filter user supplied data before it is displayed. This makes it possible for remote attackers to launch a Cross-site Scripting (XSS) attack.
Affected Products
The Apache Software Foundation
Versions Affected:
4.0.0 to 4.0.6
4.1.0 to 4.1.36
Impact
Cross-Site Scripting.
Recommended Actions
Undeploy the "Examples" web application.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |