Apache Tomcat 6 Cross-Site Scripting Vulnerability
Gravità: : Medio
Identificatori CVE: CVE-2008-1232
Data notifica: 21 luglio 2015
Descrizione
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1000552
Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention
Software e versione interessati:
- apache tomcat 4.1.0
- apache tomcat 4.1.1
- apache tomcat 4.1.10
- apache tomcat 4.1.12
- apache tomcat 4.1.15
- apache tomcat 4.1.2
- apache tomcat 4.1.24
- apache tomcat 4.1.28
- apache tomcat 4.1.3
- apache tomcat 4.1.31
- apache tomcat 4.1.36
- apache tomcat 5.5.0
- apache tomcat 5.5.1
- apache tomcat 5.5.10
- apache tomcat 5.5.11
- apache tomcat 5.5.12
- apache tomcat 5.5.13
- apache tomcat 5.5.14
- apache tomcat 5.5.15
- apache tomcat 5.5.16
- apache tomcat 5.5.17
- apache tomcat 5.5.18
- apache tomcat 5.5.19
- apache tomcat 5.5.2
- apache tomcat 5.5.20
- apache tomcat 5.5.21
- apache tomcat 5.5.22
- apache tomcat 5.5.23
- apache tomcat 5.5.24
- apache tomcat 5.5.25
- apache tomcat 6.0
- apache tomcat 6.0.0
- apache tomcat 6.0.1
- apache tomcat 6.0.10
- apache tomcat 6.0.11
- apache tomcat 6.0.12
- apache tomcat 6.0.13
- apache tomcat 6.0.14
- apache tomcat 6.0.15
- apache_software_foundation tomcat 4.1
- apache_software_foundation tomcat 4.1.32
- apache_software_foundation tomcat 4.1.34
- apache_software_foundation tomcat 4.1.37
- apache_software_foundation tomcat 5.5.26
- apache_software_foundation tomcat 6.0.16