Vigil@nce: Apache Tomcat, two vulnerabilities
August 2008 by Vigil@nce
SYNTHESIS
Two vulnerabilities of Apache Tomcat can be used by an attacker to
create a XSS or to obtain information.
Gravity: 2/4
Consequences: client access/rights, data reading
Provenance: internet client
Means of attack: 2 proofs of concept
Ability of attacker: specialist (3/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 01/08/2008
Identifier: VIGILANCE-VUL-7992
IMPACTED PRODUCTS
– Apache Tomcat [confidential versions]
DESCRIPTION
Two vulnerabilities were announced in Apache Tomcat.
The HttpServletResponse.sendError() function does not correctly
filter the error message which leads to a Cross Site Scripting.
[grav:2/4; CVE-2008-1232]
During request treatment, the "RequestDispatcher" does not
correctly normalise the path to the ressource. An attacker can
thus access to resources which are normaly restricted. [grav:2/4;
CVE-2008-2370]
CHARACTERISTICS
Identifiers: CVE-2008-1232, CVE-2008-2370, VIGILANCE-VUL-7992