FreeBSD : tomcat -- XSS vulnerability in sample applications (ab2575d6-39f0-11dc-b8cc-000fea449b8a)
Medium Nessus Plugin ID 25785
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
The Apache Project reports:
The JSP and Servlet included in the sample application within the Tomcat documentation webapp did not escape user-provided data before including it in the output. This enabled an XSS attack. These pages have been simplified not to use any user-provided data in the output.
Solution
Update the affected packages.