Japan Vulnerability NotesJVN:16535199JVN#16535199: Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.801 High
EPSS
Percentile
98.3%
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.
Apache Tomcat contains a cross-site scripting vulnerability. It occurs when the value of the Accept-Language header sent from a client is non-standard.
The developer has confirmed that this vulnerability occurs when an outdated version of Flash is used.
Impact
An arbitrary script may be executed on the user’s web browser.
Solution
Update the software
Apply the latest updates provided by the developer.
For more information, refer to the developer’s website.
Products Affected
- Apache Tomcat 4.0.0 - 4.0.6
- Apache Tomcat 4.1.0 - 4.1.34
- Apache Tomcat 5.0.0 - 5.0.30
- Apache Tomcat 5.5.0 - 5.5.20
- Apache Tomcat 6.0.0 - 6.0.5
Related
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.801 High
EPSS
Percentile
98.3%