[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] CVE-2007-3383: XSS in Tomcat send mail example

To: Tomcat Users List <users@xxxxxxxxxxxxxxxxx>, Tomcat Developers List <dev@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] CVE-2007-3383: XSS in Tomcat send mail example
From: Mark Thomas <markt@xxxxxxxxxx>
Date: Sat, 21 Jul 2007 19:51:11 -0400

CVE-2007-3383: XSS in Tomcat send mail example

Severity:
Low (Cross-site scripting)

Vendor:
The Apache Software Foundation

Versions Affected:
4.0.0 to 4.0.6
4.1.0 to 4.1.36

Description:
When reporting error messages, the SendMailServlet does not filter
user supplied data before display. This enables an XSS attack.

Mitigation:
Undeploy the examples web application.

Credit:
This issue was discovered by Tomasz Kuczynski, Poznan Supercomputing
and Networking Center, who worked with the CERT/CC to report the
vulnerability.

Example:
On this page
http://localhost:8080/examples/jsp/mail/sendmail.jsp
enter the following text
<script>alert('XSS reflected')</script>
in the From field and click Send.

References:
http://tomcat.apache.org/security.html

Mark Thomas

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] SEC Consult SA-20070722-0 :: Remote command execution in Joomla! CMS
Next by Date: [Full-disclosure] Buffer overflow in Areca CLI, version <= 1.72.250
Previous by thread: [Full-disclosure] SEC Consult SA-20070722-0 :: Remote command execution in Joomla! CMS
Next by thread: [Full-disclosure] Buffer overflow in Areca CLI, version <= 1.72.250
Index(es):
- Date
- Thread