Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
BID:24058
Info
| Bugtraq ID: | 24058 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-1355 |
| Remote: | Yes |
| Local: | No |
| Published: | May 19 2007 12:00AM |
| Updated: | Jan 28 2009 12:19AM |
| Credit: | Ferruh Mavituna is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Sun Solaris 9_x86, Sun Solaris 9_sparc, Sun Solaris 9, Sun Solaris 10_x86, Sun Solaris 10_sparc, Sun Solaris 10; Redhat Red Hat Network Satellite Server 5.0, Redhat Network Satellite (for RHEL 4) 5.1, Redhat Network Satellite (for RHEL 4) 4.2, Redhat Network Satellite (for RHEL 3) 4.2, Redhat Fedora 7; HP HP-UX B.11.31, HP HP-UX B.11.23, HP HP-UX B.11.11; Computer Associates Cohesion Application Configuration Manager 4.5; Apple Mac OS X Server 10.4.11, Apple Mac OS X 10.4.11; Apache Tomcat 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1; Apache Tomcat 5.5.23, 5.5.22, 5.5.21, 5.5.20, 5.5.19, 5.5.18, 5.5.17, 5.5.16, 5.5.15, 5.5.14, 5.5.13, 5.5.12, 5.5.11, 5.5.10, 5.5.9, 5.5.8, 5.5.7, 5.5.6, 5.5.5, 5.5.4, 5.5.3, 5.5.2, 5.5.1, 5.5; Apache Tomcat 5.4, 5.3, 5.2, 5.1; Apache Tomcat 5.0.30, 5.0.16, 5.0.15, 5.0.14, 5.0.13, 5.0.12, 5.0.11, 5.0.10, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1; Apache Tomcat 4.1.36, 4.1; Apache Tomcat 4.0.6, 4.0.5, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0; Apache Tomcat 5.0 |
| Not Vulnerable: | Computer Associates Cohesion Application Configuration Manager 4.5 SP1; Apache Tomcat 6.0.11; Apache Tomcat 4.1.37 |
Discussion
Apache Tomcat's documentation web application includes a sample application that is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The following Tomcat versions are affected:
- 4.0.0 to 4.0.6
- 4.1.0 to 4.1.36
- 5.0.0 to 5.0.30
- 5.5.0 to 5.5.23
- 6.0.0 to 6.0.10
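The weakness described above, a request parameter echoed into a page without being encoded for its HTML context, is illustrated by the following added Java program. It is not code from Tomcat's documentation sample application or from the vendor's fix; the class name, the `renderUnsafe`/`renderSafe`/`reflectsRawTag` methods and the sample parameter value are constructed for this example. It shows the vulnerable pattern beside the hardened one, plus the kind of check a reviewer or test suite can run on rendered output.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Added illustration (not Tomcat's sample-application code): a request
 * parameter reflected into HTML without encoding, beside the same page
 * with the value HTML-encoded for the text context it lands in.
 */
public final class ReflectedParamEncoding {

    /** HTML-encode the characters that can change markup structure. */
    public static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Vulnerable pattern: the raw parameter is concatenated into the page. */
    public static String renderUnsafe(Map<String, String> params) {
        String name = params.getOrDefault("name", "guest");
        return "<html><body><p>Hello, " + name + "</p></body></html>";
    }

    /** Hardened pattern: same page, but the value is encoded at the output point. */
    public static String renderSafe(Map<String, String> params) {
        String name = params.getOrDefault("name", "guest");
        return "<html><body><p>Hello, " + escapeHtml(name) + "</p></body></html>";
    }

    /**
     * Defender's check for rendered output: true when the page contains a
     * literal opening tag of the given name (the template above emits none
     * of that name itself, so its presence means it came from input).
     */
    public static boolean reflectsRawTag(String html, String tagName) {
        return html.toLowerCase().contains("<" + tagName.toLowerCase() + ">");
    }

    public static void main(String[] args) {
        // Constructed sample request: a parameter that carries markup, as a
        // browser following a crafted link would send it.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("name", "<script>probe()</script>");

        String unsafe = renderUnsafe(params);
        String safe = renderSafe(params);

        System.out.println("unsafe: " + unsafe);
        System.out.println("safe:   " + safe);
        System.out.println("unsafe page reflects <script>: " + reflectsRawTag(unsafe, "script"));
        System.out.println("safe page reflects <script>:   " + reflectsRawTag(safe, "script"));
    }
}
```

In JSP terms the unsafe form is a scriptlet such as `<%= request.getParameter("name") %>`; the JSTL `<c:out value="${param.name}"/>` tag, which escapes XML characters by default, gives the encoded form. Encoding belongs at the output point and must match the context (HTML text, attribute, JavaScript, URL); the helper above covers only the HTML text context.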
Exploit / POC
Attackers can use a browser to exploit these issues.
The following proof-of-concept URIs are available:
Solution / Fix
Solution:
The vendor has released fixes to address these issues. Please see the references for more information.
Sun Solaris 9
- Sun 113146-11: http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-113146-11-1
- Sun 114016-02: http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114016-02-1
Sun Solaris 9_x86
- Sun 114017-02: http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114017-02-1
- Sun 114145-10: http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114145-10-1
Apache Tomcat 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10
- Apache apache-tomcat-6.0.13.tar.gz: http://gulus.usherbrooke.ca/pub/appl/apache/tomcat/tomcat-6/v6.0.13/bin/apache-tomcat-6.0.13.tar.gz
References
References:
- About the security content of Security Update 2008-004 and Mac OS X 10.5.4 (Apple)
- Apache Tomcat Homepage (Apache)
- CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) (Williams, James K)
- HPSBUX02262 SSRT071447 rev. 1 (Hewlett-Packard)
- Tomcat documentation XSS vulnerabilities (Apache)
- CA20090123-01: Security Notice for Cohesion Tomcat (Computer Associates)
- RHSA-2008:0261-4 Moderate: Red Hat Network Satellite Server security update (Red Hat)
- RHSA-2008:0524-4 Red Hat Network Satellite Server security update (Red Hat)
- RHSA-2008:0627-2 Low: Red Hat Network Proxy Server security update (Red Hat)
- Security Vulnerabilities in Tomcat 4.0 Shipped with Solaris 9 and 10 (Sun Microsystems)
- Solution 239312 : Security Vulnerabilities in Tomcat 4.0 Shipped with Solaris (Sun)