CABI 3.3 Apache Tomcat JavaDoc Spoofing Vulnerability

Document ID : KB000028432
Last Modified Date : 14/02/2018

Description:

The following vulnerability is reported by security scanning tools on the CABI 3.3 server:

Vulnerability Name:
Apache Tomcat JavaDoc Spoofing Vulnerability

Solution:

This solution describes in detail how to fix this vulnerability.

Vulnerability Name:
Apache Tomcat JavaDoc Spoofing Vulnerability.

Description:
Apache Tomcat is an open source web server and servlet container developed by the Apache Software Foundation. Apache has confirmed a vulnerability in Tomcat that can allow an attacker to spoof content. The vulnerability is caused by a vulnerable version of the JavaDoc tool used by Apache to generate documentation.

Recommendation:
It is recommended to upgrade to the latest version of Apache Tomcat, 7.0.53 or later: http://tomcat.apache.org/

The recommendation is to upgrade Tomcat to 7 or higher, but CABI 3.3 supports only Tomcat 6. CABI 3.3 SP1 supports Tomcat 7. Therefore, the recommended solution is to apply CABI 3.3 SP1.