Detections
Analytics
Apache Tomcat 3.x < 3.2.2 JSP Error Condition XSS
medium Nessus Plugin ID 50448
Language:
Synopsis
The remote Apache Tomcat server is affected by a cross-site scripting vulnerability.Description
The instance of Apache Tomcat 3.x listening on the remote host is affected by a cross-site scripting vulnerability. An attacker is able to embed JavaScript into a request for a JSP file creating an error condition. The request is not sanitized before being displayed on the application error page.Solution
Update to Apache Tomcat version 3.2.2 or later.See Also
http://tomcat.apache.org/security-3.html#Fixed_in_Apache_Tomcat_3.2.2
https://www.mail-archive.com/[email protected]/msg06679.html
Plugin Details
Severity: Medium
ID: 50448
File Name: tomcat_3_2_2.nasl
Version: 1.14
Type: remote
Family: Web Servers
Published: 11/2/2010
Updated: 5/6/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.2
CVSS v2
Risk Factor: Medium
Base Score: 5.1
Temporal Score: 3.8
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 5.6
Temporal Score: 4.9
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:apache:tomcat:3
Required KB Items: installed_sw/Apache Tomcat
Exploit Ease: No known exploits are available
Patch Publication Date: 8/30/2002
Vulnerability Publication Date: 3/17/2001
Reference Information
CVE: CVE-2001-0829
BID: 2982