The host is installed with Apache Tomcat 5.5.0 through 5.5.26 or 6.0.0 through 6.0.16 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails handle the cookie in an https session. Successful exploitation allows remote attackers to inject arbitrary web script or HTML.