Signature Detail
Short Name |
HTTP:APACHE:TOMCAT-CAL2JSP-XSS |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apache Tomcat Cal2.JSP Cross-Site Scripting |
Release Date |
2012/11/30 |
Update Number |
2207 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Apache Tomcat Cal2.JSP Cross-Site Scripting
This signature detects attempts to exploit a known cross-site scripting vulnerability in the Apache Tomcat. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. This issue affects Apache Tomcat 4.1.31; other versions may also be affected.
Affected Products
- Apache Software Foundation Tomcat 4.0.0
- Apache Software Foundation Tomcat 4.0.0 RC2
- Apache Software Foundation Tomcat 4.0.1
- Apache Software Foundation Tomcat 4.0.2
- Apache Software Foundation Tomcat 4.0.3
- Apache Software Foundation Tomcat 4.0.4
- Apache Software Foundation Tomcat 4.0.5
- Apache Software Foundation Tomcat 4.0.6
- Apache Software Foundation Tomcat 4.1.0
- Apache Software Foundation Tomcat 4.1.10
- Apache Software Foundation Tomcat 4.1.12
- Apache Software Foundation Tomcat 4.1.24
- Apache Software Foundation Tomcat 4.1.31
- Apache Software Foundation Tomcat 4.1.3 Beta
- Apache Software Foundation Tomcat 5.0.0
- Apache Software Foundation Tomcat 5.0.1
- Apache Software Foundation Tomcat 5.0.10
- Apache Software Foundation Tomcat 5.0.11
- Apache Software Foundation Tomcat 5.0.12
- Apache Software Foundation Tomcat 5.0.13
- Apache Software Foundation Tomcat 5.0.14
- Apache Software Foundation Tomcat 5.0.15
- Apache Software Foundation Tomcat 5.0.16
- Apache Software Foundation Tomcat 5.0.19
- Apache Software Foundation Tomcat 5.0.2
- Apache Software Foundation Tomcat 5.0.28
- Apache Software Foundation Tomcat 5.0.3
- Apache Software Foundation Tomcat 5.0.30
- Apache Software Foundation Tomcat 5.0.4
- Apache Software Foundation Tomcat 5.0.5
- Apache Software Foundation Tomcat 5.0.6
- Apache Software Foundation Tomcat 5.0.7
- Apache Software Foundation Tomcat 5.0.8
- Apache Software Foundation Tomcat 5.0.9
- Apache Software Foundation Tomcat 5.5.0
- Apache Software Foundation Tomcat 5.5.1
- Apache Software Foundation Tomcat 5.5.10
- Apache Software Foundation Tomcat 5.5.11
- Apache Software Foundation Tomcat 5.5.12
- Apache Software Foundation Tomcat 5.5.13
- Apache Software Foundation Tomcat 5.5.14
- Apache Software Foundation Tomcat 5.5.15
- Apache Software Foundation Tomcat 5.5.2
- Apache Software Foundation Tomcat 5.5.3
- Apache Software Foundation Tomcat 5.5.4
- Apache Software Foundation Tomcat 5.5.5
- Apache Software Foundation Tomcat 5.5.6
- Apache Software Foundation Tomcat 5.5.7
- Apache Software Foundation Tomcat 5.5.8
- Apache Software Foundation Tomcat 5.5.9
- Computer Associates Cohesion Application Configuration Manager 4.5
- Red Hat Network Satellite (for RHEL 3) 4.2
- Red Hat Network Satellite (for RHEL 4) 4.2
- Red Hat Red Hat Network Satellite Server 4.2
- Red Hat Red Hat Network Satellite Server 5.0.0
- SuSE Linux 10.0 Ppc
- SuSE Linux 10.0 X86
- SuSE Linux 10.0 X86-64
- SuSE Linux 10.1 Ppc
- SuSE Linux 10.1 X86
- SuSE Linux 10.1 X86-64
- SuSE Linux Desktop 10
- SuSE Linux Desktop 1.0.0
- SuSE Linux Personal 10.0.0 OSS
- SuSE Linux Personal 10.1
- SuSE Linux Personal 10.2
- SuSE Linux Personal 10.2 X86 64
- SuSE Linux Professional 10.0.0
- SuSE Linux Professional 10.0.0 OSS
- SuSE Linux Professional 10.1
- SuSE Linux Professional 10.2
- SuSE Linux Professional 10.2 X86 64
- SuSE Novell Linux Desktop 1.0.0
- SuSE Novell Linux Desktop 9.0.0
- SuSE Novell Linux Desktop SDK 9.0.0
- SuSE Novell Linux POS 9
- SuSE Office Server
- SuSE Open-Enterprise-Server 1
- SuSE Open-Enterprise-Server 9.0.0
- SuSE Open-Enterprise-Server
- SuSE openSUSE 10.1
- SuSE openSUSE 10.2
- SuSE openSUSE 10.3
- SuSE SUSE Linux Enterprise 10 SP1 DEBUGINFO
- SuSE SUSE Linux Enterprise Desktop 10
- SuSE SUSE Linux Enterprise Desktop 10 SP1
- SuSE SUSE Linux Enterprise SDK 10
- SuSE SUSE Linux Enterprise SDK 10 SP1
- SuSE SUSE Linux Enterprise SDK 10.SP1
- SuSE SUSE Linux Enterprise Server 10
- SuSE SUSE Linux Enterprise Server 10 SP1
- SuSE SUSE Linux Enterprise Server 8
- SuSE SUSE Linux Enterprise Server 9
- SuSE SUSE Linux Enterprise Server 9 SP3
- SuSE SuSE Linux Openexchange Server 4.0.0
- SuSE SuSE Linux Open-Xchange 4.1.0
- SuSE SUSE LINUX Retail Solution 8.0.0
- SuSE SuSE Linux School Server for i386
- SuSE SuSE Linux Standard Server 8.0.0
- SuSE UnitedLinux 1.0.0
References
- BugTraq: 25531
- CVE: CVE-2006-7196