Severity: 4.3 MEDIUM

CVE-2008-1232

Published: 04/08/2008
Updated: 11/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.

Apache Tomcat and HP HP-UX Tomcat-based Servlet Engine contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks.

The vulnerability is due to improper sanitization of user-supplied input. An unauthenticated, remote attacker could exploit the vulnerability by convincing a targeted user to click a crafted URL that is designed to submit malicious input to an application. An exploit could allow the attacker to inject malicious values into the HTTP response, which could allow the attacker to steal user authentication cookies or recently submitted data. Additionally, the attacker could take actions as the targeted user on the system.
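The following servlet, added here as an illustration and not taken from Tomcat, HP or any vendor advisory, shows the application-side pattern that reaches the reflection point described above (user-supplied input in the message argument of HttpServletResponse.sendError) next to a hardened version that validates and HTML-escapes the value before the container renders it into its error page. The class name, the `id` parameter and the helper methods are assumptions made for this example.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet written for this example; not code from Tomcat or from the advisory.
public class ItemLookupServlet extends HttpServlet {

    // Risky pattern: a request parameter is echoed verbatim into the sendError message.
    // On the affected Tomcat versions the container rendered that message into its default
    // HTML error page without escaping, which is the reflection point this CVE describes.
    static String riskyErrorMessage(String id) {
        return "No item with id: " + id;
    }

    // Hardened pattern: neutralise HTML metacharacters before the message reaches the
    // container, and cap the echoed length so the error page is not a general-purpose reflector.
    static String safeErrorMessage(String id) {
        String shown = (id == null) ? "(none)" : id;
        if (shown.length() > 64) {
            shown = shown.substring(0, 64) + "...";
        }
        return "No item with id: " + htmlEscape(shown);
    }

    // Minimal HTML escaping of the five characters that matter in element and attribute context.
    static String htmlEscape(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String id = req.getParameter("id");
        // Allow-list validation first: only short numeric ids are ever looked up.
        if (id == null || !id.matches("[0-9]{1,10}")) {
            // Escaped message: even an unpatched container has nothing dangerous to render.
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, safeErrorMessage(id));
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("item " + id);
    }
}
```

Escaping in the application is defense in depth for the window before the updated Tomcat build is deployed; it does not replace applying the update the advisory calls for, and the safest message is one that does not echo the input at all (a fixed string plus a server-side log entry with the rejected value).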

Proof-of-concept code is publicly available.

Apache and HP have confirmed the vulnerability and released updated software.

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Complexity: MEDIUM
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Affected Products

Vendor                     | Product | Versions
Apache                     | Tomcat  | 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.10, 4.1.12, 4.1.15, 4.1.24, 4.1.28, 4.1.31, 4.1.36, 5.5.0, 5.5.1, 5.5.2, 5.5.10, 5.5.11, 5.5.12, 5.5.13, 5.5.14, 5.5.15, 5.5.16, 5.5.17, 5.5.18, 5.5.19, 5.5.20, 5.5.21, 5.5.22, 5.5.23, 5.5.24, 5.5.25, 6.0, 6.0.0, 6.0.1, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15
Apache Software Foundation | Tomcat  | 4.1, 4.1.32, 4.1.34, 4.1.37, 5.5.26, 6.0.16

Mitigation

Administrators are advised to apply the appropriate update.

Administrators may consider using a filtering proxy or firewall to remove malicious characters and character sequences.

Users are advised not to follow unsolicited links. Users should verify the authenticity of unexpected links prior to following them.

Exploitation

To exploit the vulnerability, an attacker must rely on user interaction: the attacker must convince a user to click a malicious URL, likely by supplying it in an e-mail message or other form of messaging. A successful exploit would allow the attacker to conduct cross-site scripting attacks and to steal user authentication cookies or recently submitted data. Additionally, the attacker may be able to take actions as the targeted user on the system.

EDB Exploits

References

CWE-79
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://marc.info/?l=bugtraq&m=123376588623823&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/31379
http://secunia.com/advisories/31381
http://secunia.com/advisories/31639
http://secunia.com/advisories/31865
http://secunia.com/advisories/31891
http://secunia.com/advisories/31982
http://secunia.com/advisories/32120
http://secunia.com/advisories/32222
http://secunia.com/advisories/32266
http://secunia.com/advisories/33797
http://secunia.com/advisories/33999
http://secunia.com/advisories/34013
http://secunia.com/advisories/35474
http://secunia.com/advisories/36108
http://secunia.com/advisories/37460
http://secunia.com/advisories/57126
http://securityreason.com/securityalert/4098
http://support.apple.com/kb/HT3216
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
http://www.redhat.com/support/errata/RHSA-2008-0648.html
http://www.redhat.com/support/errata/RHSA-2008-0862.html
http://www.redhat.com/support/errata/RHSA-2008-0864.html
http://www.securityfocus.com/archive/1/495021/100/0/threaded
http://www.securityfocus.com/archive/1/504351/100/0/threaded
http://www.securityfocus.com/archive/1/505556/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/30496
http://www.securityfocus.com/bid/31681
http://www.securitytracker.com/id?1020622
http://www.vmware.com/security/advisories/VMSA-2009-0002.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2008/2305
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2008/2823
http://www.vupen.com/english/advisories/2009/0320
http://www.vupen.com/english/advisories/2009/0503
http://www.vupen.com/english/advisories/2009/1609
http://www.vupen.com/english/advisories/2009/2194
http://www.vupen.com/english/advisories/2009/3316
https://exchange.xforce.ibmcloud.com/vulnerabilities/44155
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html