CVSS2: 3.5 Low (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
EPSS: 0.03 Low (Percentile: 90.9%)
Apache Tomcat, provided by the Apache Software Foundation, is an implementation of Java Servlets and JavaServer Pages technologies.
Apache Tomcat Web Application Manager contains a cross-site scripting vulnerability.
When a user logs into Apache Tomcat Web Application Manager, an arbitrary script may be executed on the user’s web browser.
Update the Software
Apache Tomcat 6.0.x users should update to Apache Tomcat 6.0.14.
For more information, refer to the developer’s website.
Workarounds
This issue can be mitigated by logging out of Web Application Manager (closing the browser) when finished.
When using Apache Tomcat 4.x or 5.x, apply the workaround described above, as an update has not been provided by the developer.