Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
Apache Tomcat and HP HP-UX Tomcat-based Servlet Engine contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks.
The vulnerability is due to improper sanitization of user-supplied input. An unauthenticated, remote attacker could exploit the vulnerability by convincing a targeted user to click a crafted URL that is designed to submit malicious input to an application. An exploit could allow the attacker to inject malicious values into the HTTP response, which could allow the attacker to steal user authentication cookies or recently submitted data. Additionally, the attacker could take actions as the targeted user on the system.
Proof-of-concept code is publicly available.
Apache and HP have confirmed the vulnerability and released updated software.
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.10, 4.1.12, 4.1.15, 4.1.24, 4.1.28, 4.1.31, 4.1.36, 5.5.0, 5.5.1, 5.5.2, 5.5.10, 5.5.11, 5.5.12, 5.5.13, 5.5.14, 5.5.15, 5.5.16, 5.5.17, 5.5.18, 5.5.19, 5.5.20, 5.5.21, 5.5.22, 5.5.23, 5.5.24, 5.5.25, 6.0, 6.0.0, 6.0.1, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15 |
| Apache Software Foundation | Tomcat | 4.1, 4.1.32, 4.1.34, 4.1.37, 5.5.26, 6.0.16 |
Administrators are advised to apply the appropriate update.
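To decide which hosts need that update, an inventory of version banners can be checked against the affected ranges stated above. The following is an added example, not code from Apache, HP or this advisory; it assumes banners of the form `Apache Tomcat/x.y.z`, and the host names and sample banners are constructed.

```python
import re

# Affected ranges exactly as stated in the advisory text (inclusive bounds):
# 4.1.0-4.1.37, 5.5.0-5.5.26, 6.0.0-6.0.16.
AFFECTED = {
    (4, 1): (0, 37),
    (5, 5): (0, 26),
    (6, 0): (0, 16),
}

# Assumed banner shape: "Apache Tomcat/6.0.16". Trailing parts are ignored.
BANNER = re.compile(r"Apache Tomcat/(\d+)\.(\d+)(?:\.(\d+))?")


def classify(banner):
    """Return 'affected', 'review', 'unparsed' or 'outside_range'."""
    m = BANNER.search(banner)
    if not m:
        return "unparsed"  # no Tomcat version in the banner: check by hand
    branch = (int(m.group(1)), int(m.group(2)))
    if branch not in AFFECTED:
        return "outside_range"  # branch is not in the ranges listed above
    if m.group(3) is None:
        return "review"  # e.g. "6.0" alone: patch level unknown
    low, high = AFFECTED[branch]
    return "affected" if low <= int(m.group(3)) <= high else "outside_range"


def triage(inventory):
    """Classify (host, banner) pairs and sort the most urgent first."""
    order = {"affected": 0, "review": 1, "unparsed": 2, "outside_range": 3}
    rows = [(host, classify(banner)) for host, banner in inventory]
    return sorted(rows, key=lambda r: (order[r[1]], r[0]))


# Constructed sample inventory (host names and banners are made up).
SAMPLE = [
    ("app01", "Server version: Apache Tomcat/6.0.16"),
    ("app02", "Server version: Apache Tomcat/6.0.18"),
    ("app03", "Apache Tomcat/5.5.26 - Error report"),
    ("app04", "Apache Tomcat/6.0"),
    ("app05", "Apache-Coyote/1.1"),
    ("app06", "Apache Tomcat/4.1.37.0"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE):
        print(f"{host}\t{verdict}")
```

A verdict of `outside_range` only means the version falls outside the ranges this advisory lists; it says nothing about other advisories.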
Administrators may consider using a filtering proxy or firewall to remove malicious characters and character sequences.
Users are advised not to follow unsolicited links. Users should verify the authenticity of unexpected links prior to following them.
To exploit the vulnerability, an attacker must rely on user interaction. The attacker may try to convince a user to click a malicious URL, likely by supplying it in an e-mail message or other form of messaging. An exploit could allow the attacker to conduct cross-site scripting attacks and to steal user authentication cookies or recently submitted data. Additionally, the attacker may be able to take actions as the targeted user on the system.