lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Jun 2007 19:30:20 -0400 From: Mark Thomas <markt@...che.org> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, Tomcat Users List <users@...cat.apache.org>, Tomcat Developers List <dev@...cat.apache.org> Subject: [CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-1358: Apache Tomcat XSS vulnerability in Accept-Language header processing Severity: Low (cross-site scripting) Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.0.0 to 4.0.6 Tomcat 4.1.0 to 4.1.34 Tomcat 5.0.0 to 5.0.30 Tomcat 5.5.0 to 5.5.20 Tomcat 6.0.0 to 6.0.5 Description: Web pages that display the Accept-Language header value sent by the client are susceptible to a cross-site scripting attack if they assume the Accept-Language header value conforms to RFC 2616. Under normal circumstances this would not be possible to exploit, however older versions of Flash player were known to allow carefully crafted malicious Flash files to make requests with such custom headers. Tomcat now ignores invalid values for Accept-Language headers that do not conform to RFC 2616. Mitigation: 1. Upgrade to fixed version 2. Escape values obtained from Accept-Language header before use. Credit: This issue was reported by Masato Anzai and Toshiharu Sugiyama. References: http://tomcat.apache.org/security.html Mark Thomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGdxWMb7IeiTPGAkMRAgDgAJkBG6sVBDP/8yxGrZ7CqvEXPNW1mACgiL8M CyWgpvE5125qciTSYPJbOgU= =A84r -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists