Apache Tomcat Example Web Application Cross Site Scripting Vulnerability

Apache Tomcat Example Web Application Cross Site Scripting Vulnerability

Solution:
HP has released an advisory (HPSBUX0303-249) that contains fixes to address this issue.

This issue will reportedly be addressed by the vendor in Tomcat version 3.3.2.

Fixes available:

Apache Software Foundation Tomcat 3.0

Apache Software Foundation Jakarta Tomcat 3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Apache Software Foundation Tomcat 3.1

Apache Software Foundation Jakarta Tomcat 3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Apache Software Foundation Tomcat 3.1.1

Apache Software Foundation Jakarta Tomcat 3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Apache Software Foundation Tomcat 3.2

Apache Software Foundation Jakarta Tomcat 3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Apache Software Foundation Tomcat 3.2.1

Apache Software Foundation Jakarta Tomcat 3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Apache Software Foundation Tomcat 3.2.3

Apache Software Foundation Jakarta Tomcat 3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Apache Software Foundation Tomcat 3.2.4

Apache Software Foundation Jakarta Tomcat 3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Apache Software Foundation Tomcat 3.3

Apache Software Foundation Jakarta Tomcat 3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Debian libapache-mod-jk_3.3a-4woody1_i386.deb
http://security.debian.org/pool/updates/contrib/t/tomcat/libapache-mod -jk_3.3a-4woody1_i386.deb

Debian tomcat_3.3a-4woody1_all.deb
http://security.debian.org/pool/updates/contrib/t/tomcat/tomcat_3.3a-4 woody1_all.deb

Apache Software Foundation Tomcat 3.3.1

Apache Software Foundation Jakarta Tomcat 3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/