Fixed in Apache Tomcat 5.5.25, 5.0.SVN

Low: Cross-site scripting CVE-2007-2449

JSPs within the examples web application did not escape user provided data before including it in the output. This enabled a XSS attack. These JSPs now filter the data before use. This issue may be mitigated by undeploying the examples web application. Note that it is recommended that the examples web application is not installed on a production system.

Affects: 5.0.0-5.0.30, 5.5.0-5.5.24

Low: Cross-site scripting CVE-2007-2450

The Manager and Host Manager web applications did not escape user provided data before including it in the output. This enabled a XSS attack. These applications now filter the data before use. This issue may be mitigated by logging out (closing the browser) of the application once the management tasks have been completed.

Affects: 5.0.0-5.0.30, 5.5.0-5.5.24

Low: Session hi-jacking CVE-2007-3382

Tomcat incorrectly treated a single quote character (') in a cookie value as a delimiter. In some circumstances this lead to the leaking of information such as session ID to an attacker.

Affects: 5.0.0-5.0.30, 5.5.0-5.5.24

Low: Session hi-jacking CVE-2007-3385

Tomcat incorrectly handled the character sequence " in a cookie value. In some circumstances this lead to the leaking of information such as session ID to an attacker.

Affects: 5.0.0-5.0.30, 5.5.0-5.5.24

Low: Cross-site scripting CVE-2007-3386

The Host Manager Servlet did not filter user supplied data before display. This enabled an XSS attack.

Affects: 5.5.0-5.5.24