Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses : XSS --> Category: infos

Apache Tomcat DOS Device Name XSS Vulnerability Scan

Vulnerability Scan Summary
Tests for Apache Tomcat DOS Device name XSS Bug

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote Apache Tomcat web server is vulnerable to a cross site scripting

Description :

Apache Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies.

By making requests for DOS Device names it is possible to cause
Tomcat to throw an exception, allowing XSS attacks, e.g:


(angle brackets omitted)

The exception also reveals the physical path of the Tomcat installation.

Solution :

Upgrade to Apache Tomcat v4.1.3 beta or later.

See also :

Threat Level:

Low / CVSS Base Score : 3

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.