CVE-2007-2450: Apache Tomcat XSS vulnerabilities in Manager
Severity: low (cross-site scripting)
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 4.0.0 to 4.0.6
Tomcat 4.1.0 to 4.1.36
Tomcat 5.0.0 to 5.0.30
Tomcat 5.5.0 to 5.5.24
Tomcat 6.0.0 to 6.0.13
Description:
The Manager and Host Manager web applications do not escape some user-provided
data before including it in the output. This enables an XSS attack. The user
must be logged in to the Manager or Host Manager web application for the
attack to succeed.
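The root cause described above is missing output escaping of request-derived values. The following is an added illustration, not code from Tomcat or the Manager application: a minimal HTML escaper placed between a request parameter and the response body, shown beside the unescaped pattern that the advisory describes. The parameter name (a context path) and the message layout are assumptions for illustration only.

```java
import java.util.Map;
import java.util.LinkedHashMap;

/**
 * Added example (not Tomcat's own code): every request-derived value must be
 * escaped before it is written into an HTML response. The "path" parameter and
 * the page text below are assumed for illustration; they are not taken from
 * the Manager application itself.
 */
public class ManagerOutputEscaping {

    /** Escape the characters that carry meaning in HTML text and attribute context. */
    public static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Vulnerable pattern: request data concatenated straight into the response. */
    public static String renderUnescaped(String path) {
        return "<p>Application at context path " + path + " was not found</p>";
    }

    /** Hardened pattern: the same message with the value escaped first. */
    public static String renderEscaped(String path) {
        return "<p>Application at context path " + escapeHtml(path) + " was not found</p>";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a benign context path and one carrying markup.
        Map<String, String> samples = new LinkedHashMap<>();
        samples.put("benign", "/examples");
        samples.put("markup", "/<b>demo</b>");

        for (Map.Entry<String, String> e : samples.entrySet()) {
            System.out.println("[" + e.getKey() + "] unescaped: " + renderUnescaped(e.getValue()));
            System.out.println("[" + e.getKey() + "] escaped:   " + renderEscaped(e.getValue()));
        }
    }
}
```

Running this prints the markup sample twice: once with the tags passed through intact (the behaviour the advisory describes), and once with them converted to `&lt;b&gt;demo&lt;/b&gt;`, which a browser renders as literal text. The escaper must be applied at the point of output, not at input, so that the same value is safe in every HTML context where it appears.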
Mitigation:
1. Log out of the Manager or Host Manager application (close the
browser) once tasks requiring use of the manager have been completed.