
Apache Tomcat XSS vulnerability in Manager

CVE-2007-2450: Apache Tomcat XSS vulnerabilities in Manager

Severity: low (cross-site scripting)

The Apache Software Foundation

Versions Affected:
Tomcat 4.0.0 to 4.0.6
Tomcat 4.1.0 to 4.1.36
Tomcat 5.0.0 to 5.0.30
Tomcat 5.5.0 to 5.5.24
Tomcat 6.0.0 to 6.0.13

The Manager and Host Manager web applications do not escape some
user-provided data before including it in the output. This enables an XSS
attack. The user must be logged in to the Manager or Host Manager web

1. Log out of the Manager or Host Manager application (close the
browser) once tasks requiring use of the manager have been completed.

action="http://example.com:8080/manager/html/upload" method="post" enctype="multipart/form-data">
Credit: These issues were discovered by Daiki Fukumori, Secure Sky Technology.

References:
http://tomcat.apache.org/security.html

Mark Thomas
