|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 2971 CVE : CVE-2007-3384 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : Tomasz Kuczynski Published : 08.08.2007
Advisory Text : -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-3384: XSS in Tomcat cookies example Severity: Low (Cross-site scripting) Vendor: The Apache Software Foundation Versions Affected: 3.3 to 3.3.2 Description: When reporting error messages, Tomcat does not filter user supplied data before display. This enables an XSS attack. Mitigation: Remove examples web application. Apply patch available from http://tomcat.apache.org/download-33.cgi Credit: This issue was discovered by Tomasz Kuczynski, Poznan Supercomputing and Networking Center, who worked with the CERT/CC to report the vulnerability. Example: http://localhost:8080/examples/servlet/CookieExample populate Name or Value field with: <script>alert('XSS reflected');</script> and submit. References: http://tomcat.apache.org/security.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGsU0Vb7IeiTPGAkMRAoiwAJ4iETiZnDPLKM0v69YZ/FaIhGS8GwCgt+ux FB0O3FigwHs+A8pP98+gRiA= =VePF -----END PGP SIGNATURE-----  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |