Apache Tomcat servlet Mapping XSS

2002-07-10T00:00:00
ID OSVDB:4973
Type osvdb
Reporter Matt Moore (matt@westpoint.ltd.uk)
Modified 2002-07-10T00:00:00

Description

Vulnerability Description

Apache Tomcat contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate input to the /servlet/ mappings. This could allow a user to create a specially crafted URL that would execute arbitrary script code in another user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 4.1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/servlet/org.apache.catalina.servlets.WebdavStatus/<SCRIPT>alert(document.domain)</SCRIPT>

http://[victim]/servlet/org.apache.catalina.ContainerServlet/<SCRIPT>alert(document.domain)</SCRIPT>

http://[victim]/servlet/org.apache.catalina.Context/<SCRIPT>alert(document.domain)</SCRIPT>

http://[victim]/servlet/org.apache.catalina.Globals/<SCRIPT>alert(document.domain)</SCRIPT>
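
A defender-side check for the request pattern in the testing notes above, as an added example that is not part of the original advisory: it scans access-log lines for /servlet/ requests whose path carries markup characters once percent-decoding is undone. The common log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a common/combined format access log: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Angle brackets have no place in a servlet class name or mapping path
MARKUP_RE = re.compile(r"[<>]")
PREFIX = "/servlet/"


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_servlet_requests(lines):
    """Return (line_number, decoded_path) for /servlet/ requests carrying markup."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        # Drop the query string, then undo percent-encoding on the path
        path = decode_fully(match.group("target").split("?", 1)[0])
        if path.lower().startswith(PREFIX) and MARKUP_RE.search(path[len(PREFIX):]):
            hits.append((number, path))
    return hits


# Constructed sample log lines (not taken from the advisory)
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jul/2002:10:00:01 +0000] "GET /servlet/HelloWorld HTTP/1.0" 200 312',
    '192.0.2.11 - - [10/Jul/2002:10:00:05 +0000] "GET /servlet/org.apache.catalina.Globals/'
    '%3CSCRIPT%3Ealert(document.domain)%3C/SCRIPT%3E HTTP/1.0" 404 981',
    '192.0.2.12 - - [10/Jul/2002:10:00:09 +0000] "GET /index.jsp?q=%3Cb%3E HTTP/1.0" 200 120',
    '192.0.2.13 - - [10/Jul/2002:10:00:12 +0000] "GET /servlet/org.apache.catalina.Context/'
    '%253Cimg%253E HTTP/1.1" 404 950',
]

if __name__ == "__main__":
    for number, path in suspicious_servlet_requests(SAMPLE_LOG):
        print(f"line {number}: {path}")
```

Hits in historical logs show that the mapping was probed; whether the markup was reflected depends on the Tomcat version that served the request.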

References:

Vendor URL: http://tomcat.apache.org/
Vendor URL: http://jakarta.apache.org
Vendor Specific Advisory URL
Related OSVDB ID: 845
Other Advisory URL: http://www.westpoint.ltd.uk/advisories/wp-02-0008.txt
Nessus Plugin ID: 11041
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=102631703811297&w=2
Keyword: wp-02-0008
Keyword: Westpoint Security Advisory
ISS X-Force ID: 9520
CVE-2002-0682
Bugtraq ID: 5193