Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> CGI abuses : XSS >> Apache Tomcat /servlet Cross Site Scripting

Vulnerability Assessment Details

Apache Tomcat /servlet Cross Site Scripting
Vulnerability Assessment Summary
Tests for Apache Tomcat /servlet XSS Bug

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote Apache Tomcat web server is vulnerable to a cross site scripting
issue.

Description :

Apache Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies.

By using the /servlet/ mapping to invoke various servlets / classes it is
possible to cause Tomcat to throw an exception, permiting XSS attacks,e.g:

tomcat-server/servlet/org.apache.catalina.servlets.WebdavStatus/SCRIPTalert(document.domain)/SCRIPT
tomcat-server/servlet/org.apache.catalina.ContainerServlet/SCRIPTalert(document.domain)/SCRIPT
tomcat-server/servlet/org.apache.catalina.Context/SCRIPTalert(document.domain)/SCRIPT
tomcat-server/servlet/org.apache.catalina.Globals/SCRIPTalert(document.domain)/SCRIPT

(angle brackets omitted)

Solution :

The 'invoker' servlet (mapped to /servlet/), which executes anonymous servlet
classes that have not been defined in a web.xml file should be unmapped.

The entry for this can be found in the /tomcat-install-dir/conf/web.xml file.

See also :

www.westpoint.ltd.uk/advisories/wp-02-0008.txt

Network Security Threat Level:

Low / CVSS Base Score : 3
(AV:R/AC:H/Au:NR/C:P/A:N/I:N/B:C)

Networks Security ID: 5193

Vulnerability Assessment Copyright: This script is Copyright (C) 2002 Matt Moore
Cables, Connectors


LSI 9305-16i SATA SAS 12Gbs RAID Controller PCIe 3.0 x8 IT-Mode 4* 8643 SATA picture

LSI 9305-16i SATA SAS 12Gbs RAID Controller PCIe 3.0 x8 IT-Mode 4* 8643 SATA

$229.99


ACASIS 2.5/3.5 inch 2 Bay SATA USB 3.0 Hard Drive Disk HDD SSD Enclosure 4 RAID picture

ACASIS 2.5/3.5 inch 2 Bay SATA USB 3.0 Hard Drive Disk HDD SSD Enclosure 4 RAID

$58.99


Dell R630 8SFF 2.4Ghz 12-Core 128GB H330 RAID 10GB RJ-45 NIC 2x750W PSU 8x Trays picture

Dell R630 8SFF 2.4Ghz 12-Core 128GB H330 RAID 10GB RJ-45 NIC 2x750W PSU 8x Trays

$430.04


Dell R630 8SFF 2.4Ghz 20-Core 128GB H730 RAID 10GB RJ-45 NIC 2x750W PSU 8x Trays picture

Dell R630 8SFF 2.4Ghz 20-Core 128GB H730 RAID 10GB RJ-45 NIC 2x750W PSU 8x Trays

$455.04


Inspur LSI 9300-8i Raid Card 12Gbps HBA HDD Controller High Profile IT MODE picture

Inspur LSI 9300-8i Raid Card 12Gbps HBA HDD Controller High Profile IT MODE

$15.98


LSI MegaRAID 9361-8i 12Gb PCIe 8-Port SAS/SATA RAID 1Gb w/BBU/CacheVault/License picture

LSI MegaRAID 9361-8i 12Gb PCIe 8-Port SAS/SATA RAID 1Gb w/BBU/CacheVault/License

$39.95


ORICO Multi Bay RAID Hard Drive Enclosure USB 3.0/ Type-C For 2.5/3.5'' HDD SSDs picture

ORICO Multi Bay RAID Hard Drive Enclosure USB 3.0/ Type-C For 2.5/3.5'' HDD SSDs

$82.49


LSI MegaRAID 9361-8i 12Gbps PCIe 3 x8 SATA SAS 3 8 Port RAID + BBU & CacheVault picture

LSI MegaRAID 9361-8i 12Gbps PCIe 3 x8 SATA SAS 3 8 Port RAID + BBU & CacheVault

$39.00


2 Bay RAID Hard Drive Enclosure USB 3.0 Type-B for 2.5

2 Bay RAID Hard Drive Enclosure USB 3.0 Type-B for 2.5" SATA SSD/HDD Enclosure

$59.99


Dell PERC H330 PCIe 3.0 x8 RAID Storage Controller 04Y5H1 High Profile picture

Dell PERC H330 PCIe 3.0 x8 RAID Storage Controller 04Y5H1 High Profile

$17.99


Discussions

No Discussions have been posted on this vulnerability.