Tomcat 4.1 XSS

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote web server is prone to a cross-site scripting attack.

Description :

The remote host is running a web server that fails to adequately
sanitize request strings of malicious JavaScript. By leveraging this
issue, an attacker may be able to cause arbitrary HTML and script code
to be executed in a user's browser within the security context of the
affected site.

See also :

http://archives.neohapsis.com/archives/vuln-dev/2002-q3/0482.html

Solution :

Upgrade to Tomcat 4.1.29 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: CGI abuses : XSS

Nessus Plugin ID: 47715

Bugtraq ID:

CVE ID: CVE-2002-1567