Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS

Severity: Medium | Nessus Plugin ID: 20738

Synopsis

The remote web server contains a JSP application that is prone to a cross-site scripting flaw.

Description

The remote host appears to be running Geronimo, an open source J2EE server from the Apache Software Foundation.

The version of Geronimo installed on the remote host includes a JSP application that fails to sanitize user-supplied input to the 'time' parameter before using it to generate a dynamic webpage. An attacker can exploit this flaw to cause arbitrary HTML and script code to be executed in a user's browser within the context of the affected web site.

Solution

Uninstall the example applications or upgrade to Geronimo version 1.0.1 or later.

See Also

http://www.oliverkarow.de/research/geronimo_css.txt

https://issues.apache.org/jira/browse/GERONIMO-1474

Plugin Details

Severity: Medium

ID: 20738

File Name: geronimo_cal2_example_xss.nasl

Version: 1.19

Type: remote

Published: 2006/01/18

Updated: 2018/11/15

Dependencies: 10815, 10107

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apache:geronimo

Exploit Available: false

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2006/01/15

Reference Information

CVE: CVE-2006-0254

BID: 16260

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990