Vendor: Tomcat
By: SecurityFocus
CVSS: 8.8 HIGH
Cross-Site Scripting
CWE: 79
Product Name: Tomcat
Affected Version From: Apache Tomcat 4.0.3
Affected Version To: Apache Tomcat 4.0.3
Patch Exists: YES
Related CWE: CVE-2002-0059
CPE: o:apache:tomcat:4.0.3
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

A vulnerability has been reported for Apache Tomcat 4.0.3 on a Microsoft Windows platform

Apache Tomcat 4.0.3 on a Microsoft Windows platform is vulnerable to a cross-site scripting attack. When a request is made for a DOS device file name, Tomcat throws an exception and responds with an error message. Additional information can also be appended to the DOS device name in the request. For example, an attacker can append malicious JavaScript code to the request, such as 'Javascript:alert(document.domain)'.

Mitigation:

Upgrade to Apache Tomcat 4.0.4 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5194/info

A vulnerability has been reported for Apache Tomcat 4.0.3 on a Microsoft Windows platform. Reportedly, it is possible for an attacker to launch a cross site scripting attack.

When making a request for a DOS device file name, Tomcat will throw an exception and respond with an error message. It is also possible for information to be appended to the DOS device when making a request. 

tomcat-server/COM2.IMG%20src= "Javascript:alert(document.domain)"
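
A log check for the request pattern described above, as an added example that is not part of the original advisory: it flags access-log requests whose path segment is a DOS device name and reports whether markup was appended to it. The log lines are constructed, a Common Log Format request field is assumed, and matching the other reserved device names (CON, PRN, AUX, NUL, COM1-9, LPT1-9) goes beyond the single COM2 case on the page.

```python
import re
from urllib.parse import unquote

# Reserved DOS device names; the page shows COM2, the rest are a generalization.
DOS_DEVICE = re.compile(r"^(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(?=$|[.\s:])", re.I)
# Signs that markup or script was appended to the device name.
MARKUP = re.compile(r"[<>\"']|javascript:|\bsrc\s*=", re.I)
# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (.*) HTTP/\d\.\d"')

# Constructed sample access-log lines (addresses, times, statuses and sizes are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jul/2002:10:01:02 +0000] "GET /index.jsp HTTP/1.0" 200 512',
    '192.0.2.10 - - [12/Jul/2002:10:01:05 +0000] "GET /console/login.jsp HTTP/1.0" 200 734',
    '192.0.2.44 - - [12/Jul/2002:10:02:11 +0000] "GET /COM2 HTTP/1.0" 500 1290',
    '192.0.2.44 - - [12/Jul/2002:10:02:30 +0000] '
    '"GET /COM2.IMG%20src=%22Javascript:alert(document.domain)%22 HTTP/1.0" 500 1402',
]


def classify(log_line):
    """Return 'device+markup', 'device' or None for one access-log line."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    # Drop the query string, then decode %XX so %20 and %22 become visible.
    path = unquote(match.group(1).split("?", 1)[0])
    for segment in path.split("/"):
        if DOS_DEVICE.match(segment):
            return "device+markup" if MARKUP.search(segment) else "device"
    return None


def scan(lines):
    """Return (line_number, verdict) for every line that requests a device name."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict:
            hits.append((number, verdict))
    return hits


if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```
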