ID CVE-2002-1567
Summary Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 4.1.0
    cpe:2.3:a:apache:tomcat:4.1.0
CVSS
Base: 6.8 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
exploit-db via4
description Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability. CVE-2002-1567. Remote exploit for unix platform
id EDB-ID:21734
last seen 2016-02-02
modified 2002-08-21
published 2002-08-21
reporter Skinnay
source https://www.exploit-db.com/download/21734/
title Apache Tomcat 4.1 - JSP Request Cross-Site Scripting Vulnerability
nessus via4
NASL family CGI abuses : XSS
NASL id TOMCAT_4_1_XSS.NASL
description The version of Apache Tomcat running on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize request strings of malicious JavaScript. A remote, unauthenticated attacker can exploit this to execute arbitrary code by using a URL containing encoded newline characters that are followed by a request to a .jsp file that has a crafted file name.
last seen 2018-01-26
modified 2018-01-24
plugin id 47715
published 2010-07-14
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=47715
title Apache Tomcat 4.1 XSS
refmap via4
confirm http://tomcat.apache.org/security-4.html
vuln-dev 20020821 Apache Tomcat 4.1 Cross-Site Scripting Vulnerability
Last major update 05-09-2008 - 16:30
Published 06-10-2003 - 00:00