Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS

Medium severity, Nessus Plugin ID 20738

Synopsis

The remote web server contains a JSP application that is prone to a cross-site scripting flaw.

Description

The remote host appears to be running Geronimo, an open source J2EE server from the Apache Software Foundation.

The version of Geronimo installed on the remote host includes a JSP application that fails to sanitize user-supplied input to the 'time' parameter before using it to generate a dynamic webpage. An attacker can exploit this flaw to cause arbitrary HTML and script code to be executed in a user's browser within the context of the affected web site.

Solution

Uninstall the example applications or upgrade to Geronimo version 1.0.1 or later.

See Also

http://www.oliverkarow.de/research/geronimo_css.txt

https://issues.apache.org/jira/browse/GERONIMO-1474

Plugin Details

Severity: Medium

ID: 20738

File Name: geronimo_cal2_example_xss.nasl

Version: 1.21

Type: remote

Published: 1/18/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:apache:geronimo

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1/15/2006

Reference Information

CVE: CVE-2006-0254

BID: 16260

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990