JVN#16535199: Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability

ID JVN:16535199
Type jvn
Reporter Japan Vulnerability Notes
Modified 2015-10-21T00:00:00


## Description

Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies.
Apache Tomcat contains a cross-site scripting vulnerability. It occurs when the value of the Accept-Language header sent from a client is non-standard.
The developer has confirmed that this vulnerability occurs when an outdated version of Flash is used.
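
For log triage or a front-end filter, the following added example (not code from JVN or the Apache Tomcat project) separates standard Accept-Language values from non-standard ones. It assumes "standard" means the language-range and weight grammar of RFC 7231 section 5.3.5 and RFC 4647 section 2.1; the function names, the length cap and the sample values are constructed for illustration.

```python
import re

# Accept-Language grammar per RFC 7231 section 5.3.5 / RFC 4647 section 2.1:
#   language-range = (1*8ALPHA *("-" 1*8alphanum)) / "*"
#   weight         = OWS ";" OWS "q=" qvalue
_RANGE = r"(?:\*|[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*)"
_QVALUE = r"(?:0(?:\.[0-9]{0,3})?|1(?:\.0{0,3})?)"
_ELEMENT = re.compile(rf"{_RANGE}(?:[ \t]*;[ \t]*[qQ]=({_QVALUE}))?")

MAX_HEADER_LEN = 256  # assumed cap; real browser values are far shorter


def parse_accept_language(value):
    """Return [(language_range, q), ...] or None if the value is non-standard."""
    if not value or len(value) > MAX_HEADER_LEN:
        return None
    parsed = []
    for element in value.split(","):
        element = element.strip(" \t")
        if not element:
            continue  # the HTTP list grammar tolerates empty elements
        m = _ELEMENT.fullmatch(element)
        if m is None:
            return None  # markup, quotes, bad weights, oversized subtags, ...
        tag = element.split(";", 1)[0].rstrip(" \t")
        parsed.append((tag, float(m.group(1)) if m.group(1) else 1.0))
    return parsed or None


def triage(header_values):
    """Split observed header values into (standard, non_standard) lists."""
    ok, bad = [], []
    for v in header_values:
        (ok if parse_accept_language(v) is not None else bad).append(v)
    return ok, bad


# Constructed sample values, not taken from the advisory.
SAMPLES = [
    "en-US,en;q=0.9,ja;q=0.8",
    "*",
    "ja",
    "en-US,<script>x</script>",
    "en;q=1.5",
    'de"onload',
]

if __name__ == "__main__":
    for v in triage(SAMPLES)[1]:
        print("non-standard Accept-Language:", repr(v))
```

A check like this helps identify or reject non-standard values in front of an affected server; it does not replace the update listed under Solution.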

## Impact

An arbitrary script may be executed on the user's web browser.

## Solution

Update the software
Apply the latest updates provided by the developer.

For more information, refer to the developer's website.

## Products Affected

  • Apache Tomcat 4.0.0 - 4.0.6
  • Apache Tomcat 4.1.0 - 4.1.34
  • Apache Tomcat 5.0.0 - 5.0.30
  • Apache Tomcat 5.5.0 - 5.5.20
  • Apache Tomcat 6.0.0 - 6.0.5