Apache Tomcat Accept-Language Cross Site Scripting Vulnerability

Apache Tomcat Accept-Language Cross Site Scripting Vulnerability

Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to inject HTML and script code into the browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials and launch other attacks.

This issue may have been reported as part of the vulnerabilities described in BID 24058 (Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities). Symantec has not been able to confirm this information. We will update this BID when more information emerges.