Vigil@nce: Apache Tomcat, Cross Site Scripting of an example
March 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can generate a Cross Site Scripting in an example
provided with Apache Tomcat.
Gravity: 1/4
Consequences: client access/rights
Provenance: document
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: low (1/3)
Creation date: 09/03/2009
IMPACTED PRODUCTS
– Apache Tomcat
DESCRIPTION OF THE VULNERABILITY
Several examples are provided with Apache Tomcat, such as "cal"
which implements a calendar. These examples are generally not
installed.
The cal2.jsp script generates a form containing a hidden variable
named "time":
%>
However, the value is not enclosed by quotes, and not ended. An
attacker can thus for example insert a "STYLE=" in the HTML page
containing a JavaScript expression.
An attacker can therefore generate a Cross Site Scripting in an
example provided with Apache Tomcat.
CHARACTERISTICS
Identifiers: CVE-2009-0781, VIGILANCE-VUL-8521
http://vigilance.fr/vulnerability/Apache-Tomcat-Cross-Site-Scripting-of-an-example-8521