Apache Tomcat crossite scripting updated since 23.07.2007
Published:		04.09.2007
Source:		BUGTRAQ
SecurityVulns ID:		7964
Type:		remote
Level:		5/10
Description:		Crossite scripting in sendmail.jsp, calendar and CookieExample example scripts.

Affected:		APACHE : Tomcat 4.0
		APACHE : Tomcat 4.1
CVE:		CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.)
		CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.)

Original document		tusharvartak_(at)_hotmail.com, Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability (04.09.2007)
		APACHE, CVE-2007-3384: XSS in Tomcat cookies example (03.08.2007)
		Mark Thomas, CVE-2007-3383: XSS in Tomcat send mail example (23.07.2007)

Discuss:

Read or add your comments to this news (0 comments)