Apache Tomcat Error Message Reporting Cross-Site Scripting Vulnerability

Vulnerability ID: 1189540
Vulnerability type: Cross-site scripting
Published: 2007-08-02
Updated: 2007-08-02
CVE: CVE-2007-3384
CNNVD ID: CNNVD-200708-096
Platform: N/A
CVSS score: 4.3
|Vulnerability Sources
https://www.securityfocus.com/bid/25174
https://cxsecurity.com/issue/WLB-2007080038
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200708-096
|Vulnerability Details
Apache Tomcat 3.3 through 3.3.2 contains multiple cross-site scripting vulnerabilities in examples/servlet/CookieExample. A remote attacker can inject arbitrary web script or HTML via the (1) Name or (2) Value field. The vulnerability is related to error messages.
|Vulnerability EXP
CVE-2007-3384: XSS in Tomcat cookies example

Severity:
Low (Cross-site scripting)

Vendor:
The Apache Software Foundation

Versions Affected:
3.3 to 3.3.2

Description:
When reporting error messages, Tomcat does not filter user supplied
data before display. This enables an XSS attack.

Mitigation:
Remove examples web application.
Apply patch available from http://tomcat.apache.org/download-33.cgi

Credit:
This issue was discovered by Tomasz Kuczynski, Poznan Supercomputing
and Networking Center, who worked with the CERT/CC to report the
vulnerability.

Example:
http://localhost:8080/examples/servlet/CookieExample
populate Name or Value field with:
<script>alert('XSS reflected');</script>
and submit.

References:
http://tomcat.apache.org/security.html
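The advisory above describes user-supplied data being reflected into an error message without filtering. As an added illustration (not Tomcat's own code; the class and method names are assumptions), here is that vulnerable construction beside the encoded form a defender would expect, exercised with the advisory's probe string:

```java
// Added illustration, not code from the Tomcat examples webapp.
// Class and method names are hypothetical.
public final class CookieErrorRendering {

    // Minimal HTML entity encoding for text placed in an HTML element body.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Vulnerable pattern: the user's field value is concatenated verbatim
    // into the error page, so markup in the value is rendered by the browser.
    static String renderErrorUnsafe(String field, String input) {
        return "<p>Invalid " + field + ": " + input + "</p>";
    }

    // Hardened pattern: every user-controlled fragment is encoded before it
    // is placed into the HTML, so the value is displayed as text only.
    static String renderErrorSafe(String field, String input) {
        return "<p>Invalid " + escapeHtml(field) + ": " + escapeHtml(input) + "</p>";
    }

    public static void main(String[] args) {
        // Constructed input: the probe string quoted in the advisory above.
        String probe = "<script>alert('XSS reflected');</script>";
        System.out.println(renderErrorUnsafe("Name", probe));
        System.out.println(renderErrorSafe("Name", probe));
        // Regression check a test suite could keep for the fixed servlet:
        // the encoded output must not contain an unescaped script tag.
        boolean leaked = renderErrorSafe("Name", probe).contains("<script");
        System.out.println("script tag leaked: " + leaked);
    }
}
```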
|Affected Products
Apache Tomcat 3.3.2 Apache Tomcat 3.3.1 a Apache Tomcat 3.3.1 Apache Tomcat 3.3 - BSDI BSD/OS 4.0 - Caldera OpenLinu
|References

Source: BID
Name: 25174
Link: http://www.securityfocus.com/bid/25174
Source: BUGTRAQ
Name: 20070802 CVE-2007-3384: XSS in Tomcat cookies example
Link: http://www.securityfocus.com/archive/1/archive/1/475321/100/0/threaded
Source: tomcat.apache.org
Link: http://tomcat.apache.org/security-3.html
Source: SECTRACK
Name: 1018503
Link: http://securitytracker.com/id?1018503
Source: OSVDB
Name: 39035
Link: http://osvdb.org/39035
Source: SREASON
Name: 2971
Link: http://securityreason.com/securityalert/2971