FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tomcat -- XSS vulnerability in sample applications

Affected packages
6.0.0 < apache-tomcat < 6.0.11
5.0.0 < tomcat < 5.5.24
5.0.0 < jakarta-tomcat < 5.5.24

Details

VuXML ID ab2575d6-39f0-11dc-b8cc-000fea449b8a
Discovery 2007-05-19
Entry 2007-07-24

The Apache Project reports:

The JSP and Servlet included in the sample application within the Tomcat documentation webapp did not escape user provided data before including it in the output. This enabled a XSS attack. These pages have been simplified not to use any user provided data in the output.

[source]

References

Bugtraq ID 24058
CVE Name CVE-2007-1355

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.