Fixed in Tomcat 6.0.11, 5.5.24, 5.0.HEAD, 4.1.HEAD
Description of problem:
Multiple cross-site scripting (XSS) vulnerabilities in the
appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6,
4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0
through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via
the test parameter and unspecified vectors.
tomcat5-5.5.25-1jpp.1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
tomcat5-5.5.25-1jpp.1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.