Apache Tomcat snoop.jsp URI XSS
Severity: Medium
Nessus Plugin ID: 25525
Synopsis
The remote Apache Tomcat web server contains a JSP application that is affected by a cross-site scripting vulnerability.

Description
The remote Apache Tomcat web server includes an example JSP application, 'snoop.jsp', that fails to sanitize user-supplied input before using it to generate dynamic content. An unauthenticated, remote attacker can exploit this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.

Solution
Undeploy the Tomcat examples web application.
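
One way to confirm on the server's filesystem that the examples application is really gone, as an added example that is not part of the original plugin text. It assumes the stock Tomcat layout (a `webapps` appBase and the default `Catalina`/`localhost` engine and host names); the function name `find_tomcat_examples` is hypothetical.

```shell
#!/bin/sh
# Added example: audit one Tomcat instance for a deployed examples application.
# Assumption: stock layout under CATALINA_BASE (webapps/, conf/Catalina/localhost/).

# Prints every trace of the examples application and returns 0 if any exist,
# 1 if the instance is clean.
find_tomcat_examples() {
    base="${1:?usage: find_tomcat_examples <CATALINA_BASE>}"
    status=1

    # The application can be present as an exploded directory, a packed WAR,
    # or a context descriptor. Removing only one of them does not undeploy it.
    for candidate in \
        "$base/webapps/examples" \
        "$base/webapps/examples.war" \
        "$base/conf/Catalina/localhost/examples.xml"
    do
        if [ -e "$candidate" ]; then
            printf 'deployed: %s\n' "$candidate"
            status=0
        fi
    done

    # The examples may have been copied or renamed into another context,
    # so also search every exploded web application for the JSP itself.
    if [ -d "$base/webapps" ]; then
        hits=$(find "$base/webapps" -type f -name 'snoop.jsp' 2>/dev/null || true)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits" | sed 's/^/snoop.jsp on disk: /'
            status=0
        fi
    fi

    return "$status"
}

# Run against the current instance when CATALINA_BASE is set.
if [ -n "${CATALINA_BASE:-}" ]; then
    find_tomcat_examples "$CATALINA_BASE" || echo "no examples application found"
fi
```

A non-empty result after cleanup usually means a leftover WAR or context descriptor, which Tomcat can redeploy on the next restart when auto-deployment is enabled.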