SecurityFocus(情報元のブックマーク数)
あれ、Tomcatにクロスサイトスクリプティングの脆弱性が出ている?
HttpServletResponse.sendError()の処理でなぜエラーになったかを一緒に出すのだが、不正なHTTPヘッダを混入させた場合クロスサイトスクリプティングが発生するそうです。
CVE-2008-1232: Apache Tomcat XSS vulnerability
http://www.securityfocus.com/archive/1/495021
Severity: Low
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 4.1.0 to 4.1.37
Tomcat 5.5.0 to 5.5.26
Tomcat 6.0.0 to 6.0.16
The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affected
Description:
The message argument of HttpServletResponse.sendError() call is not only
displayed on the error page, but is also used for the reason-phrase of HTTP
response. This may include characters that are illegal in HTTP headers. It
is possible for a specially crafted message to result in arbitrary content
being injected into the HTTP response. For a successful XSS attack,
unfiltered user supplied data must be included in the message argument.