Intrusion Prevention

Apache.Tomcat.Sendmail.Examples.XSS

Description

When reporting error messages, the SendMailServlet in Apache Tomcat does not filter user-supplied data before displaying it. This allows remote attackers to launch a cross-site scripting (XSS) attack.

Affected Products

The Apache Software Foundation
Versions Affected:
4.0.0 to 4.0.6
4.1.0 to 4.1.36

Impact

Cross-Site Scripting.

Recommended Actions

Undeploy the "Examples" web application.

CVE References

CVE-2007-3383