Apache.Tomcat.JSP.Examples.XSS
Description
There are multiple cross-site scripting vulnerabilities in certain JSP files in the examples web application in Apache Tomcat. To exploit these vulnerabilities remote attackers can inject arbitrary web scripts or HTML via the portion of the URI after the ';' character.
Affected Products
Tomcat 4.0.0 to 4.0.6
Tomcat 4.1.0 to 4.1.36
Tomcat 5.0.0 to 5.0.30
Tomcat 5.5.0 to 5.5.24
Tomcat 6.0.0 to 6.0.13
Impact
Cross Site Scripting.
Recommended Actions
We are not aware of any officially released patch on this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |