If an HTTP request to an Apache Tomcat server contains a cookie whose value
includes a character with an ASCII code larger than 128, the result is
Error 500 - Internal Server Error.
This is a good attack vector for attackers, because a single XSS hole is
enough to write one cookie with a value such as ¤, after which the site is
no longer accessible from that browser.
#3 10. June 2014 - [me > vendor] Information and explanation that one
XSS within SOP (Same-Origin Policy) scope is enough to "turn off" one
client. I also asked how to prevent this problem.
#5 04. September 2014 - [me > vendor] Information resent, and asked how
the impact differs from
http://www.securityfocus.com/bid/67671/info
#6 05. September 2014 - [vendor > me] Response from Apache. They said
they have nothing to add to their previous comments.
#7 05. September 2014 - [me] Publish.
Description of vulnerable software:
Apache Tomcat is an open source software implementation of the Java
Servlet and JavaServer Pages technologies. The Java Servlet and
JavaServer Pages specifications are developed under the Java Community
Process. [http://tomcat.apache.org/]
Vulnerability:
A cookie that contains at least one byte in the range 0x80 … 0xff
causes an Internal Server Error.
Preconditions:
The ability to send a "Set-Cookie" command to the victim (browser).
If the victim's browser holds such a cookie, every request from that
browser causes an Internal Server Error, i.e. the victim cannot use the
web page anymore (as long as the cookie is present).
XSS payload: document.cookie='tommy=cat¤';
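As an added example (not part of the advisory and not Tomcat code), the following Python checks raw Cookie headers for the 0x80 … 0xff byte range the advisory describes and, more generally, for any octet outside the RFC 6265 cookie-octet grammar, so that a reverse proxy or a log pipeline in front of Tomcat can flag, reject or clear such a cookie before the request reaches the container. The sample headers are constructed; the ¤ character is encoded both as Latin-1 (0xA4) and as UTF-8 (0xC2 0xA4), because the bytes a browser actually sends depend on how the page's script stored the value.

```python
# Added example: cookie-header validation for a proxy or log pipeline in front
# of Tomcat. Not Tomcat's own code; all sample headers below are constructed.
from typing import Dict, List, Tuple

# cookie-octet per RFC 6265 section 4.1.1:
#   %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
# (printable US-ASCII without control chars, whitespace, DQUOTE, comma,
# semicolon and backslash). Everything >= 0x80 is outside this set.
_COOKIE_OCTETS = frozenset(
    [0x21]
    + list(range(0x23, 0x2C))
    + list(range(0x2D, 0x3B))
    + list(range(0x3C, 0x5C))
    + list(range(0x5D, 0x7F))
)


def split_cookie_header(header: bytes) -> Dict[bytes, bytes]:
    """Split a raw Cookie header (bytes, as received on the wire) into name -> value.

    Works on bytes on purpose: decoding to str first would hide which raw
    octets the server is going to see.
    """
    cookies: Dict[bytes, bytes] = {}
    for pair in header.split(b";"):
        pair = pair.strip()
        if not pair:
            continue
        name, sep, value = pair.partition(b"=")
        cookies[name.strip()] = value.strip() if sep else b""
    return cookies


def high_byte_cookies(header: bytes) -> List[bytes]:
    """Names of cookies whose value contains any byte in 0x80..0xff (the advisory's case)."""
    return [
        name
        for name, value in split_cookie_header(header).items()
        if any(b >= 0x80 for b in value)
    ]


def find_bad_cookies(header: bytes) -> List[Tuple[bytes, int]]:
    """General check: (name, first offending byte) for each cookie value that is
    not a valid cookie-value under RFC 6265. A value may be wrapped in DQUOTEs,
    so those are stripped before the octets are inspected."""
    bad: List[Tuple[bytes, int]] = []
    for name, value in split_cookie_header(header).items():
        if len(value) >= 2 and value[0] == 0x22 and value[-1] == 0x22:
            value = value[1:-1]
        for b in value:
            if b not in _COOKIE_OCTETS:
                bad.append((name, b))
                break
    return bad


def clearing_set_cookie(name: bytes, path: bytes = b"/") -> bytes:
    """Set-Cookie header value that expires the named cookie in the client,
    so the browser stops sending it on the next request."""
    return name + b"=; Max-Age=0; Path=" + path


# Constructed sample Cookie headers, not captured traffic.
SAMPLE_HEADERS = [
    b"JSESSIONID=ABC123; theme=dark",                              # clean
    "tommy=cat\u00a4; JSESSIONID=ABC123".encode("latin-1"),        # ¤ as 0xA4
    "tommy=cat\u00a4".encode("utf-8"),                             # ¤ as 0xC2 0xA4
    b'pref="a b"',                                                  # space: invalid but ASCII
]


def audit(headers: List[bytes]) -> List[Tuple[int, List[bytes], List[Tuple[bytes, int]]]]:
    """For each header: (index, cookies with high bytes, all grammar violations)."""
    return [(i, high_byte_cookies(h), find_bad_cookies(h)) for i, h in enumerate(headers)]


if __name__ == "__main__":
    for idx, high, bad in audit(SAMPLE_HEADERS):
        print(f"header {idx}: high-byte cookies={high} violations={bad}")
        for name in high:
            print("  would respond with Set-Cookie:", clearing_set_cookie(name).decode())
```

The narrow check (`high_byte_cookies`) matches exactly what the advisory reports; the broader one (`find_bad_cookies`) also catches ASCII values that are outside the grammar (spaces, commas, backslashes), which a strict parser may reject as well. Clearing the cookie with `Max-Age=0` from the proxy is what lets an affected browser recover without the user having to clear cookies by hand.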
Status:
unknown