Apache Tomcat XSS Vulnerabilities in Examples Web Application
Moderate severity
GitHub Reviewed
Published
May 1, 2022
to the GitHub Advisory Database
•
Updated Sep 22, 2023
Package
Affected versions
>= 4.0.0, <= 4.0.6
>= 5.0.0, <= 5.0.30
>= 5.5.0, <= 5.5.24
>= 6.0.0, <= 6.0.13
Patched versions
None
Description
Published by the National Vulnerability Database
Jun 14, 2007
Published to the GitHub Advisory Database
May 1, 2022
Reviewed
Sep 22, 2023
Last updated
Sep 22, 2023
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the
;
character, as demonstrated by a URI containing asnp/snoop.jsp;
sequence.References