Executive Summary

Summary
Title Apache Tomcat SendMailServlet example vulnerable to cross-site scripting via FROM field
Informations
Name VU#862600 First vendor Publication 2007-07-22
Vendor VU-CERT Last vendor Modification 2007-07-22
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#862600

Apache Tomcat SendMailServlet example vulnerable to cross-site scripting via FROM field

Overview

The example SendMailServlet page that comes with Apache Tomcat is vulnerable to cross-site scripting via the "From" field.

I. Description

Apache Tomcat is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat includes a sample page called SendMailServlet, which is provided by sendmail.jsp. This page fails to properly validate input to the "From" field, which creates a cross-site scripting vulnerability. According to the vendor, the following versions of Apache Tomcat are affected

    4.0.0 to 4.0.6
    4.1.0 to 4.1.36

II. Impact

A remote attacker may be able to execute arbitrary script within the security context of the web site running Apache Tomcat. More information about cross-site scripting is available in CERT Advisory CA-2000-02.

III. Solution

Remove the examples web application

This vulnerability can be addressed by removing the "examples" web application.

Systems Affected

VendorStatusDate Updated
Apache TomcatVulnerable22-Jul-2007

References

http://www.cert.org/advisories/CA-2000-02.html
http://tomcat.apache.org/security-4.html
http://seclists.org/fulldisclosure/2007/Jul/0448.html

Credit

Thanks to Tomasz Kuczynski for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

Date Public07/21/2007
Date First Published07/22/2007 11:46:19 AM
Date Last Updated07/22/2007
CERT Advisory 
CVE NameCVE-2007-3383
Metric3.83
Document Revision7

Original Source

Url : http://www.kb.cert.org/vuls/id/862600

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 17

OpenVAS Exploits

Date Description
2010-05-12 Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004
File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
39000 Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS

Nessus® Vulnerability Scanner

Date Description
2010-06-16 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_4_1_37.nasl - Type : ACT_GATHER_INFO
2008-07-01 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_4.nasl - Type : ACT_GATHER_INFO
2008-07-01 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-004.nasl - Type : ACT_GATHER_INFO
2007-09-06 Name : The remote web server contains a JSP application that is affected by a cross-...
File : tomcat_sample_sendmail_xss.nasl - Type : ACT_ATTACK