{"vuid":"VU#862600","idnumber":"862600","name":"Apache Tomcat SendMailServlet example vulnerable to cross-site scripting via FROM field","keywords":["Apache","Tomcat","xss","cross-site scripting","FROM","/examples/jsp/mail/sendmail.jsp"],"overview":"The example SendMailServlet page that comes with Apache Tomcat is vulnerable to cross-site scripting via the \"From\" field.","clean_desc":"Apache Tomcat is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat includes a sample page called SendMailServlet, which is provided by sendmail.jsp. This page fails to properly validate input to the \"From\" field, which creates a cross-site scripting vulnerability. According to the vendor, the following versions of Apache Tomcat are affected\n4.0.0 to 4.0.6\n4.1.0 to 4.1.36","impact":"A remote attacker may be able to execute arbitrary script within the security context of the web site running Apache Tomcat. More information about cross-site scripting is available in CERT Advisory CA-2000-02.","resolution":"Remove the examples web application\nThis vulnerability can be addressed by removing the \"examples\" web application.","workarounds":"","sysaffected":"","thanks":"Thanks to Tomasz Kuczynski for reporting this vulnerability.","author":"This document was written by Will Dormann.","public":["http://tomcat.apache.org/security-4.html","http://seclists.org/fulldisclosure/2007/Jul/0448.html"],"cveids":["CVE-2007-3383"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-06-25T13:20:40Z","publicdate":"2007-07-21T00:00:00Z","datefirstpublished":"2007-07-22T15:46:21Z","dateupdated":"2007-07-22T15:46:20Z","revision":7,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"2","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"6","cam_impact":"4","cam_easeofexploitation":"20","cam_attackeraccessrequired":"17","cam_scorecurrent":"3.825","cam_scorecurrentwidelyknown":"4.59","cam_scorecurrentwidelyknownexploited":"7.65","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.825,"vulnote":null}