PT-2007-4658 · Apache · Apache Tomcat
Tomasz Kuczynski
·
Published
2007-07-25
·
Updated
2022-05-01
·
CVE-2007-3383
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Apache Tomcat versions 4.0.0 through 4.0.6
Apache Tomcat versions 4.1.0 through 4.1.36
Description
A cross-site scripting (XSS) issue exists in the SendMailServlet of the examples web application, allowing remote attackers to inject arbitrary web script or HTML via the
From field and possibly other fields. This is related to the generation of error messages, which did not properly escape user-provided data.Recommendations
For Apache Tomcat versions 4.0.0 through 4.0.6, consider undeploying the examples web application to mitigate the risk.
For Apache Tomcat versions 4.1.0 through 4.1.36, consider undeploying the examples web application to mitigate the risk.
As a temporary workaround, consider disabling the SendMailServlet until a patch is available.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Tomcat