Web application abuses : Apache Tomcat JSP Example Web Applications XSS Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.111014

Categoría: Web application abuses

Título: Apache Tomcat JSP Example Web Applications XSS Vulnerability - Active Check

Resumen: Apache Tomcat is prone to a cross-site scripting (XSS); vulnerability.

Descripción: Summary:
Apache Tomcat is prone to a cross-site scripting (XSS)
vulnerability.

Vulnerability Impact:
Exploiting this vulnerability may allow an attacker to perform
XSS attacks on unsuspecting users in the context of the affected website. As a result, the
attacker may be able to steal cookie-based authentication credentials and to launch other
attacks.

Affected Software/OS:
Apache Tomcat versions 4.0.1 through 4.0.6, 4.1.0 through
4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23 and 6.0.0 through 6.0.10.

Solution:
Update to version 4.1.37, 5.5.24, 6.0.11 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-1355
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
BugTraq ID: 24058
http://www.securityfocus.com/bid/24058
Bugtraq: 20070519 [CVE-2007-1355] Tomcat documentation XSS vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/469067/100/0/threaded
Bugtraq: 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/500396/100/0/threaded
Bugtraq: 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) (Google Search)
http://www.securityfocus.com/archive/1/500412/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
HPdes Security Advisory: HPSBUX02262
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
HPdes Security Advisory: SSRT071447
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
http://osvdb.org/34875
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6111
http://www.redhat.com/support/errata/RHSA-2008-0261.html
RedHat Security Advisories: RHSA-2008:0630
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://secunia.com/advisories/27037
http://secunia.com/advisories/27727
http://secunia.com/advisories/30802
http://secunia.com/advisories/30899
http://secunia.com/advisories/30908
http://secunia.com/advisories/31493
http://secunia.com/advisories/33668
http://securityreason.com/securityalert/2722
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2008/1979/references
http://www.vupen.com/english/advisories/2008/1981/references
http://www.vupen.com/english/advisories/2009/0233
XForce ISS Database: tomcat-hello-xss(34377)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34377

Copyright Copyright (C) 2015 SCHUTZWERK GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.111014
Categoría:	Web application abuses
Título:	Apache Tomcat JSP Example Web Applications XSS Vulnerability - Active Check
Resumen:	Apache Tomcat is prone to a cross-site scripting (XSS); vulnerability.
Descripción:	Summary: Apache Tomcat is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Impact: Exploiting this vulnerability may allow an attacker to perform XSS attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks. Affected Software/OS: Apache Tomcat versions 4.0.1 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23 and 6.0.0 through 6.0.10. Solution: Update to version 4.1.37, 5.5.24, 6.0.11 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1355 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html BugTraq ID: 24058 http://www.securityfocus.com/bid/24058 Bugtraq: 20070519 [CVE-2007-1355] Tomcat documentation XSS vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/469067/100/0/threaded Bugtraq: 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/500396/100/0/threaded Bugtraq: 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) (Google Search) http://www.securityfocus.com/archive/1/500412/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html HPdes Security Advisory: HPSBUX02262 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 HPdes Security Advisory: SSRT071447 https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E http://osvdb.org/34875 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6111 http://www.redhat.com/support/errata/RHSA-2008-0261.html RedHat Security Advisories: RHSA-2008:0630 http://rhn.redhat.com/errata/RHSA-2008-0630.html http://secunia.com/advisories/27037 http://secunia.com/advisories/27727 http://secunia.com/advisories/30802 http://secunia.com/advisories/30899 http://secunia.com/advisories/30908 http://secunia.com/advisories/31493 http://secunia.com/advisories/33668 http://securityreason.com/securityalert/2722 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1 http://www.vupen.com/english/advisories/2007/3386 http://www.vupen.com/english/advisories/2008/1979/references http://www.vupen.com/english/advisories/2008/1981/references http://www.vupen.com/english/advisories/2009/0233 XForce ISS Database: tomcat-hello-xss(34377) https://exchange.xforce.ibmcloud.com/vulnerabilities/34377
Copyright	Copyright (C) 2015 SCHUTZWERK GmbH