
Security vulnerability in Tomcat

William Brogden
Author and all-around good cowpoke
Posts: 13078
Reported in this Secunia advisory.

A vulnerability has been reported in Apache Tomcat, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "Accept-Language" header is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site, e.g. via a specially crafted Flash file.

The vulnerability affects the following versions:
* Tomcat 4.0.0 to 4.0.6
* Tomcat 4.1.0 to 4.1.34
* Tomcat 5.0.0 to 5.0.30
* Tomcat 5.5.0 to 5.5.20
* Tomcat 6.0.0 to 6.0.5

Just thought you might find this interesting.
