Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tomcat | Apache | 4.0.0 (including) | 4.0.0 (including) |
| Tomcat | Apache | 4.0.1 (including) | 4.0.1 (including) |
| Tomcat | Apache | 4.0.2 (including) | 4.0.2 (including) |
| Tomcat | Apache | 4.0.3 (including) | 4.0.3 (including) |
| Tomcat | Apache | 4.0.4 (including) | 4.0.4 (including) |
| Tomcat | Apache | 4.0.5 (including) | 4.0.5 (including) |
| Tomcat | Apache | 4.0.6 (including) | 4.0.6 (including) |
| Tomcat | Apache | 4.1.0 (including) | 4.1.0 (including) |
| Tomcat | Apache | 4.1.1 (including) | 4.1.1 (including) |
| Tomcat | Apache | 4.1.2 (including) | 4.1.2 (including) |
| Tomcat | Apache | 4.1.3 (including) | 4.1.3 (including) |
| Tomcat | Apache | 4.1.10 (including) | 4.1.10 (including) |
| Tomcat | Apache | 4.1.15 (including) | 4.1.15 (including) |
| Tomcat | Apache | 4.1.24 (including) | 4.1.24 (including) |
| Tomcat | Apache | 4.1.28 (including) | 4.1.28 (including) |
| Tomcat | Apache | 4.1.31 (including) | 4.1.31 (including) |
| Tomcat | Apache | 4.1.36 (including) | 4.1.36 (including) |
| Tomcat4 | Ubuntu | dapper | * |
| Tomcat4 | Ubuntu | edgy | * |
References
- http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
- http://osvdb.org/39000
- http://seclists.org/fulldisclosure/2007/Jul/0448.html
- http://secunia.com/advisories/30802
- http://securityreason.com/securityalert/2918
- http://support.apple.com/kb/HT2163
- http://tomcat.apache.org/security-4.html
- http://www.kb.cert.org/vuls/id/862600
- http://www.securityfocus.com/archive/1/474413/100/0/threaded
- http://www.securityfocus.com/bid/24999
- http://www.vupen.com/english/advisories/2007/2618
- http://www.vupen.com/english/advisories/2008/1981/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35536
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
- http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
- http://osvdb.org/39000
- http://seclists.org/fulldisclosure/2007/Jul/0448.html
- http://secunia.com/advisories/30802
- http://securityreason.com/securityalert/2918
- http://support.apple.com/kb/HT2163
- http://tomcat.apache.org/security-4.html
- http://www.kb.cert.org/vuls/id/862600
- http://www.securityfocus.com/archive/1/474413/100/0/threaded
- http://www.securityfocus.com/bid/24999
- http://www.vupen.com/english/advisories/2007/2618
- http://www.vupen.com/english/advisories/2008/1981/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35536
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E