CVE-2007-3383

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 4.0.0 through 4.0.6 Apache Tomcat versions 4.1.0 through 4.1.36

Description A cross-site scripting (XSS) issue exists in the SendMailServlet of the examples web application, allowing remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields. This is related to the generation of error messages, which did not properly escape user-provided data.

Recommendations For Apache Tomcat versions 4.0.0 through 4.0.6, consider undeploying the examples web application to mitigate the risk. For Apache Tomcat versions 4.1.0 through 4.1.36, consider undeploying the examples web application to mitigate the risk. As a temporary workaround, consider disabling the SendMailServlet until a patch is available.