Vigil@nce: Tomcat, Cross Site Scripting of host-manager
June 2008 by Vigil@nce
SYNTHESIS
An attacker can trigger a Cross Site Scripting via the name
parameter of the host-manager.
Gravity: 2/4
Consequences: client access/rights
Provenance: document
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 03/06/2008
Identifier: VIGILANCE-VUL-7867
IMPACTED PRODUCTS
– Apache Tomcat [confidential versions]
DESCRIPTION
The host-manager service of Tomcat listens on port 8080/tcp.
Administrators use it to manage virtual hosts.
The /host-manager/html/add script does not filter the server name
stored in the "name" parameter. This name is displayed directly,
and the HTML code it contains is inserted in the web page.
An attacker can therefore create a Cross Site Scripting in order
to act as the administrator connected to the host-manager.
CHARACTERISTICS
Identifiers: CVE-2008-1947, VIGILANCE-VUL-7867