|
|
Family: CGI abuses : XSS --> Category: infos
Apache Tomcat /servlet Cross Site Scripting Vulnerability Scan
Vulnerability Scan Summary
Tests for Apache Tomcat /servlet XSS Bug
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote Apache Tomcat web server is vulnerable to a cross site scripting
issue.
Description :
Apache Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies.
By using the /servlet/ mapping to invoke various servlets / classes it is
possible to cause Tomcat to throw an exception, allowing XSS attacks,e.g:
tomcat-server/servlet/org.apache.catalina.servlets.WebdavStatus/SCRIPTalert(document.domain)/SCRIPT
tomcat-server/servlet/org.apache.catalina.ContainerServlet/SCRIPTalert(document.domain)/SCRIPT
tomcat-server/servlet/org.apache.catalina.Context/SCRIPTalert(document.domain)/SCRIPT
tomcat-server/servlet/org.apache.catalina.Globals/SCRIPTalert(document.domain)/SCRIPT
(angle brackets omitted)
Solution :
The 'invoker' servlet (mapped to /servlet/), which executes anonymous servlet
classes that have not been defined in a web.xml file should be unmapped.
The entry for this can be found in the /tomcat-install-dir/conf/web.xml file.
See also :
www.westpoint.ltd.uk/advisories/wp-02-0008.txt
Threat Level:
Low / CVSS Base Score : 3
(AV:R/AC:H/Au:NR/C:P/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|
