CVE-2021-37573 Scanner

TTiny Java Web Server and Servlet Container (TJWS) is an open-source web server and servlet container that is designed to be lightweight and fast. TJWS is widely used by developers who are looking to build fast and efficient web applications, particularly as it offers support for Java Servlet API.

Recently, a severe vulnerability was detected within TJWS, affecting TJWS versions up to 1.115. This vulnerability, identified as CVE-2021-37573, allowed attackers to inject malicious code within the server's "404 Page not Found" error page. Attackers could exploit this vulnerability to inject malicious scripts or HTML code, which could lead to various attacks like cross-site scripting (XSS) and session hijacking.

If exploited, this vulnerability can have serious consequences. Attackers can gain access to user data and sensitive information, which can then be used for various nefarious activities, including identity theft, financial fraud, and espionage. Additionally, the vulnerability allows for the exploitation of user sessions, giving the attacker unauthorized access to the user's account.

At SecurityForEveryone.com, we offer a wide range of tools and services to help ensure that your digital assets are secure and protected. Our platform offers detailed vulnerability reports, as well as real-time alerts and notifications, which can help you stay ahead of potential threats. With our pro features, you can easily and quickly learn about vulnerabilities in your digital assets, and take appropriate action to mitigate any risks. Try our platform today and stay secure!

REFERENCES

• http://packetstormsecurity.com/files/163825/Tiny-Java-Web-Server-1.115-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2021/Aug/13
• https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-042.txt