Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.

According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.32. It is, therefore, affected by the following vulnerabilities :

  - The remote Apache Tomcat install is vulnerable to a     denial of service attack. If directory listing is     enabled, function calls to retrieve the contents of     large directories can degrade performance.
    (CVE-2005-3510)

  - The remote Apache Tomcat install may be vulnerable to     a cross-site scripting attack if the JSP examples are     enabled. Several of these JSP examples do not properly     validate user input. (CVE-2005-4838)

  - The remote Apache Tomcat install allows remote users     to list the contents of a directory by placing a     semicolon before a filename with a mapped extension.
    (CVE-2006-3835)

  - If enabled, the JSP calendar example application is     vulnerable to a cross-site scripting attack because     user input is not properly validated. (CVE-2006-7196)

  - The remote Apache Tomcat install, in its default     configuration, permits the use of insecure ciphers when     using SSL. (CVE-2007-1858)

  - The remote Apache Tomcat install may be vulnerable to an     information disclosure attack by allowing requests from     a non-permitted IP address to gain access to a context     that is protected with a valve that extends     RequestFilterValve. (CVE-2008-3271)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components.

This update has been rated as having low security impact by the Red Hat Security Response Team.

This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments.

Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)

A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)

A denial-of-service flaw was fixed in the jabberd server.
(CVE-2006-1329)

Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306)

Multiple flaws were fixed in the IBM Java 1.4.2 Runtime.
(CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789)

Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605)

A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898)

Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)

Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.

Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

During an internal security review, a cross-site scripting flaw was found that affected the Red Hat Network channel search feature.
(CVE-2007-5961)

This release also corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments.

Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)

A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)

A denial-of-service flaw was fixed in the jabberd server.
(CVE-2006-1329)

Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306)

Multiple flaws were fixed in the IBM Java 1.4.2 Runtime.
(CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789)

Two arbitrary code execution flaws were fixed in the OpenMotif package. (CVE-2005-3964, CVE-2005-0605)

A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898)

Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)

Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues.

Fixed various issues in tomcat :

  - CVE-2006-7196: Cross-site scripting (XSS) vulnerability     in example JSP applications

  - CVE-2007-3382: Handling of cookies containing a '     character

  - CVE-2007-3385: Handling of \' in cookies

  - CVE-2007-5641: tomcat path traversal / information leak

  - CVE-2007-1860: directory traversal

  - CVE-2008-0128: tomcat https information disclosure

  - CVE-2005-2090: tomcat HTTP Request Smuggling

- Cross-site scripting (XSS) vulnerability in example JSP     applications. (CVE-2006-7196)

  - Handling of cookies containing a ' character.
    (CVE-2007-3382)

  - Handling of \' in cookies. (CVE-2007-3385)

  - tomcat path traversal / information leak.
    (CVE-2007-5641)

  - directory traversal. (CVE-2007-1860)

  - tomcat https information disclosure. (CVE-2008-0128)

  - tomcat HTTP Request Smuggling. (CVE-2005-2090)

The remote Apache Tomcat web server includes an example JSP application, 'cal2.jsp', that fails to sanitize user-supplied input before using it to generate dynamic content. An unauthenticated, remote attacker can exploit this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.

ID	Name	Product	Family	Severity
47029	Apache Tomcat 4.x < 4.1.32 Multiple Vulnerabilities	Nessus	Web Servers	medium
43837	RHEL 3 / 4 : Satellite Server (RHSA-2008:0524)	Nessus	Red Hat Local Security Checks	critical
43835	RHEL 4 : Satellite Server (RHSA-2008:0261)	Nessus	Red Hat Local Security Checks	critical
31319	openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-4992)	Nessus	SuSE Local Security Checks	medium
31298	SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 4990)	Nessus	SuSE Local Security Checks	medium
26070	Apache Tomcat Sample App cal2.jsp 'time' Parameter XSS (CVE-2006-7196)	Nessus	CGI abuses : XSS	medium

Detections

Analytics

CVE-2006-7196

medium

Tenable Plugins

medium

critical

critical

medium

medium

medium