Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:XSS:TOMCAT-JSP

Severity

 Medium

Recommended

 No

Category

 HTTP

Keywords

 Apache Tomcat JSP Cross-Site Scripting

Release Date

 2007/09/21

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Apache Tomcat JSP Cross-Site Scripting


This signature detects attempts to exploit a known vulnerability against Apache Tomcat. A successful cross-site scripting attack can expose sensitive information stored in cookies, such as usernames, passwords, credit card numbers, social security numbers, and other important information.

Extended Description

Apache Tomcat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

Affected Products

  • Apache Software Foundation Tomcat 4.0.0
  • Apache Software Foundation Tomcat 4.0.1
  • Apache Software Foundation Tomcat 4.0.2
  • Apache Software Foundation Tomcat 4.0.3
  • Apache Software Foundation Tomcat 4.0.4
  • Apache Software Foundation Tomcat 4.0.5
  • Apache Software Foundation Tomcat 4.0.6
  • Apache Software Foundation Tomcat 4.1.0
  • Apache Software Foundation Tomcat 4.1.36
  • Apache Software Foundation Tomcat 5.0
  • Apache Software Foundation Tomcat 5.0.1
  • Apache Software Foundation Tomcat 5.0.10
  • Apache Software Foundation Tomcat 5.0.11
  • Apache Software Foundation Tomcat 5.0.12
  • Apache Software Foundation Tomcat 5.0.13
  • Apache Software Foundation Tomcat 5.0.14
  • Apache Software Foundation Tomcat 5.0.15
  • Apache Software Foundation Tomcat 5.0.16
  • Apache Software Foundation Tomcat 5.0.2
  • Apache Software Foundation Tomcat 5.0.3
  • Apache Software Foundation Tomcat 5.0.30
  • Apache Software Foundation Tomcat 5.5.0
  • Apache Software Foundation Tomcat 5.5.1
  • Apache Software Foundation Tomcat 5.5.10
  • Apache Software Foundation Tomcat 5.5.11
  • Apache Software Foundation Tomcat 5.5.12
  • Apache Software Foundation Tomcat 5.5.13
  • Apache Software Foundation Tomcat 5.5.14
  • Apache Software Foundation Tomcat 5.5.15
  • Apache Software Foundation Tomcat 5.5.16
  • Apache Software Foundation Tomcat 5.5.17
  • Apache Software Foundation Tomcat 5.5.18
  • Apache Software Foundation Tomcat 5.5.19
  • Apache Software Foundation Tomcat 5.5.2
  • Apache Software Foundation Tomcat 5.5.20
  • Apache Software Foundation Tomcat 5.5.21
  • Apache Software Foundation Tomcat 5.5.22
  • Apache Software Foundation Tomcat 5.5.23
  • Apache Software Foundation Tomcat 5.5.24
  • Apache Software Foundation Tomcat 5.5.3
  • Apache Software Foundation Tomcat 5.5.4
  • Apache Software Foundation Tomcat 5.5.5
  • Apache Software Foundation Tomcat 5.5.6
  • Apache Software Foundation Tomcat 5.5.7
  • Apache Software Foundation Tomcat 5.5.8
  • Apache Software Foundation Tomcat 5.5.9
  • Apache Software Foundation Tomcat 6.0.1
  • Apache Software Foundation Tomcat 6.0.10
  • Apache Software Foundation Tomcat 6.0.11
  • Apache Software Foundation Tomcat 6.0.12
  • Apache Software Foundation Tomcat 6.0.13
  • Apple Mac OS X 10.4.11
  • Apple Mac OS X Server 10.4.11
  • Computer Associates Cohesion Application Configuration Manager 4.5
  • HP HP-UX B.11.11
  • HP HP-UX B.11.23
  • HP HP-UX B.11.31
  • Mandriva Linux Mandrake 2007.1
  • Mandriva Linux Mandrake 2007.1 X86 64
  • Mandriva Linux Mandrake 2008.0
  • Mandriva Linux Mandrake 2008.0 X86 64
  • Novell ZENworks Linux Management 7.3
  • Red Hat Enterprise Linux 5 Server
  • Red Hat Enterprise Linux Desktop 5 Client
  • Red Hat Enterprise Linux Desktop Workstation 5 Client
  • Red Hat Fedora 7
  • Red Hat Network Satellite (for RHEL 3) 4.2
  • Red Hat Network Satellite (for RHEL 4) 4.2
  • Red Hat Network Satellite (for RHEL 4) 5.1
  • Red Hat Red Hat Network Satellite Server 5.0.0
  • SuSE Linux 10.0 Ppc
  • SuSE Linux 10.0 X86
  • SuSE Linux 10.0 X86-64
  • SuSE Linux 10.1 Ppc
  • SuSE Linux 10.1 X86
  • SuSE Linux 10.1 X86-64
  • SuSE Linux Desktop 10
  • SuSE Linux Personal 10.1
  • SuSE Linux Personal 10.2
  • SuSE Linux Personal 10.2 X86 64
  • SuSE Linux Personal 9.0.0 X86 64
  • SuSE Linux Personal 9.1.0
  • SuSE Linux Personal 9.1.0 X86 64
  • SuSE Linux Personal 9.2.0
  • SuSE Linux Personal 9.2.0 X86 64
  • SuSE Linux Personal 9.3.0
  • SuSE Linux Personal 9.3.0 X86 64
  • SuSE Linux Professional 10.0.0
  • SuSE Linux Professional 10.0.0 OSS
  • SuSE Linux Professional 10.1
  • SuSE Linux Professional 10.2
  • SuSE Linux Professional 10.2 X86 64
  • SuSE Linux Professional 9.2.0
  • SuSE Linux Professional 9.2.0 X86 64
  • SuSE Linux Professional 9.3.0
  • SuSE Linux Professional 9.3.0 X86 64
  • SuSE openSUSE 10.1
  • SuSE openSUSE 10.2
  • SuSE openSUSE 10.3
  • SuSE SUSE Linux Enterprise Desktop 10
  • SuSE SUSE Linux Enterprise Desktop 10 SP1
  • SuSE SUSE Linux Enterprise SDK 10
  • SuSE SUSE Linux Enterprise SDK 10 SP1
  • SuSE SUSE Linux Enterprise Server 10
  • SuSE SUSE Linux Enterprise Server 10 SP1
  • SuSE SUSE Linux Enterprise Server 10 SP2
  • SuSE SUSE Linux Enterprise Server 9 SP3
  • SuSE SUSE Linux Enterprise Server SDK 9
  • SuSE SuSE Linux Openexchange Server 4.0.0
  • SuSE SuSE Linux Open-Xchange 4.1.0
  • SuSE SUSE LINUX Retail Solution 8.0.0
  • SuSE SuSE Linux School Server for i386
  • SuSE SuSE Linux Standard Server 8.0.0
  • SuSE UnitedLinux 1.0.0

References

  • BugTraq: 24476
  • CVE: CVE-2007-2449
  • URL: http://tomcat.apache.org/security-6.html
  • URL: http://www.securityfocus.com/archive/1/archive/1/471351/100/0/threaded

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out