Apache Tomcat SendMailServlet sendmail.jsp 'mailfrom' Parameter XSS

Medium Nessus Plugin ID 25995

Synopsis

The remote web server contains a JSP application that is affected by a cross-site scripting vulnerability.

Description

The remote web server includes an example JSP application that fails to sanitize user-supplied input before using it to generate dynamic content in the 'examples/SendMailServlet' servlet. An unauthenticated remote attacker can exploit this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.

Solution

Undeploy the Tomcat examples web application.

See Also

https://seclists.org/fulldisclosure/2007/Jul/448

Plugin Details

Severity: Medium

ID: 25995

File Name: tomcat_sample_sendmail_xss.nasl

Version: 1.22

Type: remote

Published: 2007/09/06

Updated: 2021/01/19

Dependencies: 10815, 39446

Risk Information

Risk Factor: Medium

VPR Score: 2.2

CVSS v2.0

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:tomcat

Required KB Items: installed_sw/Apache Tomcat

Exploit Available: false

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2007/07/21

Reference Information

CVE: CVE-2007-3383

BID: 24999

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990