Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3762
HistoryAug 04, 2008 - 12:00 a.m.

Apache Tomcat HttpServletResponse.sendError()跨站脚本漏洞

2008-08-0400:00:00
Root
www.seebug.org
38

0.02 Low

EPSS

Percentile

87.4%

JSON

BUGTRAQ ID: 30496
CVE(CAN) ID: CVE-2008-1232

Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。

Apache Tomcat不仅在错误页面中显示了HttpServletResponse.sendError()调用的消息参数,同时也在HTTP响应的reason-phrase中使用,这就可能在HTTP头中包含非法字符。特制的消息可能导致跨站脚本攻击,向HTTP响应中注入任意内容。

Apache Group Tomcat 6.0.x
Apache Group Tomcat 5.5.x
Apache Group Tomcat 4.1.x
Apache Group

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://mirror.atlanticmetro.net/apache/tomcat/tomcat-6/v6.0.18/bin/apache-tomcat-6.0.18.tar.gz” target=“_blank”>http://mirror.atlanticmetro.net/apache/tomcat/tomcat-6/v6.0.18/bin/apache-tomcat-6.0.18.tar.gz</a>


                                                &lt;%@page contentType=&quot;text/html&quot;%&gt;
&lt;%
~  // some unicode characters, that result in CRLF being printed
~  final String CRLF = &quot;\u010D\u010A&quot;;

~  final String payload = CRLF + CRLF + &quot;&lt;script
type='text/javas

Related

osv 1
ubuntucve 1
securityvulns 4
f5 2
prion 1
cve 1
veracode 1
github 1
openvas 23
nessus 17
tomcat 3
vmware 4
redhat 5
centos 1
fedora 3
oraclelinux 1
ibm 1
osv
osv
Apache Tomcat Cross-site scripting (XSS) vulnerability
2022-05-01 23:37:49
ubuntucve
ubuntucve
CVE-2008-1232
2008-08-04 00:00:00
securityvulns
securityvulns
[CVE-2008-1232] Apache Tomcat XSS vulnerability
2008-08-01 00:00:00
ZDI-09-052: CA Unicenter Software Delivery dtscore.dll Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-052 August 7, 2009 -- Affected Vendors: Computer Associates -- Affected Products: Computer Associates Unicenter S
2009-08-08 00:00:00
Computer Associates applications multiple security vulnerabilities
2009-08-08 00:00:00
f5
f5
SOL9108 - Apache Tomcat Cross-site scripting (XSS) vulnerability - CVE-2008-1232
2008-09-01 00:00:00
K9108 : Apache Tomcat Cross-site scripting (XSS) vulnerability - CVE-2008-1232
2013-03-24 00:00:00
prion
prion
Cross site scripting
2008-08-04 01:41:00
cve
cve
CVE-2008-1232
2008-08-04 01:41:00
veracode
veracode
Cross-site Scripting (XSS)
2018-11-09 06:35:59
github
github
Apache Tomcat Cross-site scripting (XSS) vulnerability
2022-05-01 23:37:49
openvas
openvas
Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
2008-08-07 00:00:00
RedHat Update for tomcat RHSA-2008:0648-01
2009-03-06 00:00:00
Fedora Update for tomcat6 FEDORA-2008-7977
2009-02-17 00:00:00
nessus
nessus
RHEL 4 / 5 : jbossweb (RHSA-2008:0877)
2013-01-24 00:00:00
VMSA-2009-0002 : VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-10-19 00:00:00
Apache Tomcat 4.x < 4.1.39 Multiple Vulnerabilities
2010-06-11 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.18
2008-07-31 00:00:00
Fixed in Apache Tomcat 5.5.27
2008-09-08 00:00:00
Fixed in Apache Tomcat 4.1.39
2008-01-07 00:00:00
vmware
vmware
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components
2009-11-20 00:00:00
redhat
redhat
(RHSA-2008:0877) Important: jbossweb security update
2008-09-22 00:00:00
(RHSA-2008:0648) Important: tomcat security update
2008-08-27 00:00:00
(RHSA-2008:0864) Important: tomcat security update
2008-10-02 00:00:00
centos
centos
tomcat5 security update
2008-08-28 22:01:41
fedora
fedora
[SECURITY] Fedora 9 Update: tomcat5-5.5.27-0jpp.2.fc9
2008-09-16 23:25:10
[SECURITY] Fedora 9 Update: tomcat6-6.0.18-1.1.fc9
2008-09-11 17:17:43
[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8
2008-09-16 23:28:35
oraclelinux
oraclelinux
tomcat security update
2008-08-27 00:00:00
ibm
ibm
Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries
2023-01-27 10:54:22

0.02 Low

EPSS

Percentile

87.4%

JSON
Related for SSV:3762
osv1ubuntucve1securityvulns4f52prion1cve1veracode1github1openvas23nessus17tomcat3vmware4redhat5centos1fedora3oraclelinux1ibm1