BID:25314

Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability

Info

Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability

Bugtraq ID:	25314
Class:	Input Validation Error
CVE:	CVE-2007-3386
Remote:	Yes
Local:	No
Published:	Aug 14 2007 12:00AM
Updated:	Feb 18 2009 06:57PM
Credit:	NTT OSS CENTER discovered this issue and worked with JPCERT/CC to report it to the vendor.
Vulnerable:	SuSE SUSE Linux Enterprise Server 10 SP2 Redhat Fedora 7 Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux 5 Server Mandriva Linux Mandrake 2008.0 x86_64 Mandriva Linux Mandrake 2008.0 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 HP Tru64 UNIX 5.1B-4 HP Tru64 UNIX 5.1.0 PK6 HP Tru64 UNIX 5.1.0 B-4 HP Tru64 UNIX 5.1.0 B-3 HP Internet Express 6.7 HP Internet Express 6.6 HP Internet Express 6.5 HP HP-UX B.11.31 HP HP-UX B.11.23 HP HP-UX B.11.11 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Computer Associates Cohesion Application Configuration Manager 4.5 Apache Tomcat 6.0.13 Apache Tomcat 6.0.12 Apache Tomcat 6.0.11 Apache Tomcat 6.0.10 Apache Tomcat 6.0.9 Apache Tomcat 6.0.8 Apache Tomcat 6.0.7 Apache Tomcat 6.0.6 Apache Tomcat 6.0.5 Apache Tomcat 6.0.4 Apache Tomcat 6.0.3 Apache Tomcat 6.0.2 Apache Tomcat 6.0.1 Apache Tomcat 6.0 Apache Tomcat 5.5.24 Apache Tomcat 5.5.23 Apache Tomcat 5.5.22 Apache Tomcat 5.5.21 Apache Tomcat 5.5.20 + Gentoo Linux 1.4 _rc3 + Gentoo Linux 1.4 _rc2 + Gentoo Linux 1.4 _rc1 + Gentoo Linux 1.2 Apache Tomcat 5.5.19 Apache Tomcat 5.5.18 Apache Tomcat 5.5.17 Apache Tomcat 5.5.16 Apache Tomcat 5.5.15 Apache Tomcat 5.5.14 Apache Tomcat 5.5.13 Apache Tomcat 5.5.12 Apache Tomcat 5.5.11 Apache Tomcat 5.5.10 Apache Tomcat 5.5.9 Apache Tomcat 5.5.8 Apache Tomcat 5.5.7 Apache Tomcat 5.5.6 Apache Tomcat 5.5.5 Apache Tomcat 5.5.4 Apache Tomcat 5.5.3 Apache Tomcat 5.5.2 Apache Tomcat 5.5.1 Apache Tomcat 5.5

Not Vulnerable:	Computer Associates Cohesion Application Configuration Manager 4.5 SP1 Apache Tomcat 6.0.14

Discussion

Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability

Apache Tomcat Host Manager Servlet is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to inject HTML and script code into the browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials and launch other attacks.

Apache Tomcat 5.5.0 through 5.5.24 and 6.0.0 through 6.0.13 are affected.

Exploit / POC

Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability

Attackers exploit this issue by enticing users to visit a malicious URI.

The following proof-of-concept web page is available:

/data/vulnerabilities/exploits/25314.html

Solution / Fix

Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability

Solution:
The vendor released an update to address this issue. Please see the references for more information.

Apache Tomcat 5.5