Computer Security

Apache Tomcat crossite scripting
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Apache Tomcat crossite scripting
updated since 23.07.2007
Published:04.09.2007
Source:BUGTRAQ
SecurityVulns ID:7964
Type:remote
Level:5/10
Description:Crossite scripting in sendmail.jsp, calendar and CookieExample example scripts.
Affected:APACHE : Tomcat 4.0
 APACHE : Tomcat 4.1
CVE:CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.)
 CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.)
Original documentdocumenttusharvartak_(at)_hotmail.com, Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability (04.09.2007)
 documentAPACHE, CVE-2007-3384: XSS in Tomcat cookies example (03.08.2007)
 documentMark Thomas, CVE-2007-3383: XSS in Tomcat send mail example (23.07.2007)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru