Apache Tomcat /servlet Mapping XSS

This script is Copyright (C) 2002-2012 Matt Moore


Synopsis :

The remote web server is affected by a cross-site scripting issue.

Description :

Apache Tomcat is the servlet container that is used in the official
Reference Implementation for the Java Servlet and JavaServer Pages
technologies.

By using the /servlet/ mapping to invoke various servlets or classes,
it is possible to cause Tomcat to throw an exception, allowing
cross-site scripting (XSS) attacks.

See also :

http://www.westpoint.ltd.uk/advisories/wp-02-0008.txt

Solution :

The 'invoker' servlet (mapped to /servlet/), which executes anonymous
servlet classes that have not been defined in a web.xml file, should be
unmapped.

The entry for this can be found in the
/tomcat-install-dir/conf/web.xml file.
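
One way to confirm the mapping is really gone after editing conf/web.xml is shown below. It is an added example, not part of the plugin or the advisory. It assumes the stock Tomcat invoker class name org.apache.catalina.servlets.InvokerServlet and the usual /servlet/* pattern; the sample XML is constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Assumption: class name of the invoker servlet in a stock Tomcat conf/web.xml.
INVOKER_CLASS = "org.apache.catalina.servlets.InvokerServlet"

# Constructed sample: invoker servlet defined and mapped to /servlet/*.
SAMPLE_VULNERABLE = """<?xml version="1.0"?>
<web-app>
  <servlet>
    <servlet-name>invoker</servlet-name>
    <servlet-class>org.apache.catalina.servlets.InvokerServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>invoker</servlet-name>
    <url-pattern>/servlet/*</url-pattern>
  </servlet-mapping>
</web-app>"""

# Constructed sample: same file with the mapping commented out (the fix).
SAMPLE_FIXED = (SAMPLE_VULNERABLE
                .replace("<servlet-mapping>", "<!-- <servlet-mapping>")
                .replace("</servlet-mapping>", "</servlet-mapping> -->"))

def _local(tag):
    # Strip an XML namespace so newer, namespaced web.xml files also match.
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def active_invoker_mappings(web_xml_text):
    """Return url-patterns still mapped to the invoker servlet."""
    root = ET.fromstring(web_xml_text)  # XML comments are dropped by the parser
    names = {"invoker"}  # also catch the invoker class under another name
    for s in root.iter():
        if _local(s.tag) == "servlet" and _child_text(s, "servlet-class") == INVOKER_CLASS:
            names.add(_child_text(s, "servlet-name"))
    return [(c.text or "").strip()
            for m in root.iter() if _local(m.tag) == "servlet-mapping"
            and _child_text(m, "servlet-name") in names
            for c in m if _local(c.tag) == "url-pattern"]

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_VULNERABLE
    found = active_invoker_mappings(text)
    print("invoker still mapped to:", found) if found else print("invoker not mapped")
    sys.exit(1 if found else 0)
```

Run it against the global conf/web.xml and against each application's WEB-INF/web.xml, since a web application can declare its own mapping.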

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 11041 (apache_Tomcat_Servlet_XSS.nasl)

Bugtraq ID: 5193

CVE ID: CVE-2002-0682