# Vulnerability Note VU#862600

## Apache Tomcat SendMailServlet example vulnerable to cross-site scripting via FROM field

### Overview

The example SendMailServlet page that comes with Apache Tomcat is vulnerable to cross-site scripting via the "From" field.

### I. Description

Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies. Apache Tomcat includes a sample page called SendMailServlet, which is provided by sendmail.jsp. This page fails to properly validate input to the "From" field, which creates a cross-site scripting vulnerability. According to the vendor, the following versions of Apache Tomcat are affected: 4.0.0 to 4.0.6.

### II. Impact

A remote attacker may be able to execute arbitrary script within the security context of the web site running Apache Tomcat. More information about cross-site scripting is available in CERT Advisory CA-2000-02.

### III. Solution

Remove the examples web application

This vulnerability can be addressed by removing the "examples" web application.
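The root cause is the "From" value being echoed into the response page without validation or output encoding. As an added illustration (not Tomcat's sendmail.jsp or any CERT code), the hypothetical servlet below shows the defensive handling the example page lacked: the parameter is checked against an address allow-list and HTML-escaped at the point it enters the output. The class name, the address pattern and the messages are assumptions.

```java
// Added example, not Tomcat's sendmail.jsp: a hypothetical servlet that
// validates the "from" parameter and HTML-escapes it before echoing it.
import java.io.IOException;
import java.io.PrintWriter;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SafeSendMailServlet extends HttpServlet {

    // Conservative allow-list for the From address (assumed; tighten to local policy).
    private static final Pattern FROM_ADDRESS =
        Pattern.compile("^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\\.[A-Za-z]{2,}$");

    // Escape the characters that let input break out of HTML text or attributes.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    static boolean isValidFrom(String from) {
        return from != null && FROM_ADDRESS.matcher(from).matches();
    }

    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String from = req.getParameter("from");
        resp.setContentType("text/html; charset=UTF-8");
        PrintWriter out = resp.getWriter();
        if (!isValidFrom(from)) {
            // Reject with a fixed message: nothing attacker-controlled is reflected.
            resp.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            out.println("<p>Invalid From address.</p>");
            return;
        }
        // Even a validated value is escaped where it enters the HTML output.
        out.println("<p>Message will be sent from: " + escapeHtml(from) + "</p>");
    }
}
```

The allow-list check rejects the script-bearing values the example page accepted, and the escaping defends the output regardless of how the check is later relaxed.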
### References

http://www.cert.org/advisories/CA-2000-02.html

Thanks to Tomasz Kuczynski for reporting this vulnerability. This document was written by Will Dormann.