- Home
- CVEs with nessus.description==Some JSPs within the 'examples' web application did not escape user
provided data. If the JSP examples were accessible, this flaw could
allow a remote attacker to perform cross-site scripting attacks
(CVE-2007-2449).
Note: it is recommended the 'examples' web application not be
installed on a production system.
The Manager and Host Manager web applications did not escape user
provided data. If a user is logged in to the Manager or Host Manager
web application, an attacker could perform a cross-site scripting
attack (CVE-2007-2450).
Tomcat was found to accept multiple content-length headers in a
request. This could allow attackers to poison a web-cache, bypass web
application firewall protection, or conduct cross-site scripting
attacks. (CVE-2005-2090)
Tomcat permitted various characters as path delimiters. If Tomcat was
used behind certain proxies and configured to only proxy some
contexts, an attacker could construct an HTTP request to work around
the context restriction and potentially access non-proxied content.
(CVE-2007-0450)
The implict-objects.jsp file distributed in the examples webapp
displayed a number of unfiltered header values. If the JSP examples
were accessible, this flaw could allow a remote attacker to perform
cross-site scripting attacks. (CVE-2006-7195)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top