CVE-2002-1567

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.apache.tomcat/tomcat

Identifiers

GHSA-86fp-jgwm-wgj5, CVE-2002-1567

Package Slug

maven/org.apache.tomcat/tomcat

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.

Affected Versions

All versions starting from 4.1.0 before 4.1.29

Solution

Upgrade to version 4.1.29 or above.

Last Modified

2024-02-13

source