Intrusion Prevention



There are multiple cross-site scripting vulnerabilities in certain JSP files in the examples web application in Apache Tomcat. Remote attackers can exploit these vulnerabilities to inject arbitrary web script or HTML via the portion of the URI after the ';' character.
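One way to flag such requests in web server access logs is to check the text after the ';' in the request path for markup characters. This is an added example, not part of the original advisory or of any vendor signature. The log lines, the `sample.jsp` path and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Characters that let a reflected value break out into HTML markup.
MARKUP = re.compile(r"[<>\"']")
# Request line as it appears in a Common Log Format entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def after_semicolon(target):
    """Return the decoded text after the first ';' in the path, or None."""
    path = target.split("?", 1)[0]          # ignore ';' used inside a query string
    _, sep, tail = path.partition(";")
    if not sep:
        return None
    # Decode twice so double-encoded input (%253C) is also inspected.
    return unquote(unquote(tail))

def suspicious_requests(log_lines):
    """Return (request target, decoded tail) for requests carrying markup after ';'."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        tail = after_semicolon(m.group(1))
        if tail is not None and MARKUP.search(tail):
            hits.append((m.group(1), tail))
    return hits

# Constructed sample log lines (documentation IP range, placeholder JSP name).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /examples/jsp/sample.jsp;jsessionid=0123ABCD HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /examples/jsp/sample.jsp;%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /examples/jsp/sample.jsp;%253Ci%253E HTTP/1.1" 200 530',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] '
    '"GET /app/list?sort=a;order=b HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for target, tail in suspicious_requests(SAMPLE_LOG):
        print(f"markup after ';' in {target!r}: {tail!r}")
```

An ordinary `;jsessionid=...` path parameter passes the check, so normal session-tracking URLs are not flagged.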

Affected Products

Tomcat 4.0.0 to 4.0.6
Tomcat 4.1.0 to 4.1.36
Tomcat 5.0.0 to 5.0.30
Tomcat 5.5.0 to 5.5.24
Tomcat 6.0.0 to 6.0.13


Cross Site Scripting.

Recommended Actions

We are not aware of any officially released patch for this issue.

CVE References