Web application abuses : Apache Tomcat DOS Device Name XSS

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.11042

Categoría: Web application abuses

Título: Apache Tomcat DOS Device Name XSS

Resumen: The remote Apache Tomcat web server is vulnerable to a cross site scripting; issue.

Descripción: Summary:
The remote Apache Tomcat web server is vulnerable to a cross site scripting
issue.

Vulnerability Insight:
By making requests for DOS Device names it is possible to cause
Tomcat to throw an exception, allowing XSS attacks, e.g:

tomcat-server/COM2.IMG%20src='Javascript:alert(document.domain)'

(angle brackets omitted)

The exception also reveals the physical path of the Tomcat installation.

Solution:
Upgrade to Apache Tomcat v4.1.3 beta or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Copyright Copyright (C) 2002 Matt Moore

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.11042
Categoría:	Web application abuses
Título:	Apache Tomcat DOS Device Name XSS
Resumen:	The remote Apache Tomcat web server is vulnerable to a cross site scripting; issue.
Descripción:	Summary: The remote Apache Tomcat web server is vulnerable to a cross site scripting issue. Vulnerability Insight: By making requests for DOS Device names it is possible to cause Tomcat to throw an exception, allowing XSS attacks, e.g: tomcat-server/COM2.IMG%20src='Javascript:alert(document.domain)' (angle brackets omitted) The exception also reveals the physical path of the Tomcat installation. Solution: Upgrade to Apache Tomcat v4.1.3 beta or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Copyright	Copyright (C) 2002 Matt Moore