Intrusion Prevention

Apache.Tomcat.Manager.XSS

Description

There are multiple cross-site scripting vulnerabilities in the Manager and Host Manager web applications in Apache Tomcat. These vulnerabilities may allow remote authenticated users to inject arbitrary web script or HTML via a parameter name sent to manager/html/upload, and via other vectors.

Affected Products

Tomcat 4.0.0 to 4.0.6
Tomcat 4.1.0 to 4.1.36
Tomcat 5.0.0 to 5.0.30
Tomcat 5.5.0 to 5.5.24
Tomcat 6.0.0 to 6.0.13

Impact

Cross-site scripting.

Recommended Actions

Currently we are not aware of any officially released patch for this issue.

CVE References

CVE-2007-2450