Re: Cross-site scripting vulnerability

2005-05-28 Thread Mark Thomas
XSS issues have been reported in: - the servlet 2.3 examples (including snoop.jsp) - the manager servlet - the servlet 2.4 examples (affects TC5 only) All of these have been fixed in CVS. Fixes for these are included in Tomcat 5.5.7 onwards. Tomcat 4.1.31 still has the following XSS issues

Cross-site scripting vulnerability

2005-05-27 Thread Narses Barona
Our security tool produces the following warning against Tomcat 4.1.29: [HTTP/8080/TCP] Server is an enabling vector for cross-site scripting exposure in clients [trace-1]. More... I searched the mailing list and found several references to cross-site scripting. Based on the information, I

Re: Cross-site scripting vulnerability

2005-05-27 Thread Frank W. Zammetti
I notice the more... at the end of that... do you have the more by chance? Cross-site scripting (CSS) vulnerabilities are, generally-speaking, concerned with situations where a server-side process generates HTML dynamically and there is a possibility of input data that has not been scrubbed of

Re: Cross-site scripting vulnerability

2004-04-07 Thread Rui Lopes
Shapira, Yoav wrote: Howdy, Fixed in the latest stable releases, upgrade and test for yourself. Yoav Shapira Millennium Research Informatics -Original Message- From: Rui Lopes [mailto:[EMAIL PROTECTED] Sent: Monday, April 05, 2004 11:05 AM To: [EMAIL PROTECTED] Subject: Cross-site

Cross-site scripting vulnerability

2004-04-05 Thread Rui Lopes
Hi, Running the Nikto security tool on Tomcat 4.1 produces a warning that it is vulnerable to cross-site scripting attacks. This is the URL it gives https://server IP:443/666%0a%0ascriptalert('Vulnerable');/script666.jsp I edited the server IP above. I found a reference to this at

RE: Cross-site scripting vulnerability

2004-04-05 Thread Shapira, Yoav
Howdy, Fixed in the latest stable releases, upgrade and test for yourself. Yoav Shapira Millennium Research Informatics -Original Message- From: Rui Lopes [mailto:[EMAIL PROTECTED] Sent: Monday, April 05, 2004 11:05 AM To: [EMAIL PROTECTED] Subject: Cross-site scripting vulnerability

[SECURITY] Cross site scripting vulnerability revealed in 'examples' webapp of Apache Tomcat

2002-04-09 Thread Remy Maucherat
Cross Site scripting security vulnerabilities exist in the 'examples' web application which is distributed along with Apache Tomcat. This affects all released versions of Tomcat, including 3.x and 4.x. No other components of Tomcat are currently known to be vulnerable to cross site scripting.

Cross-Site Scripting Vulnerability

2001-07-16 Thread Stefan . Raschke
Hi all this has probably been discussed long ago, but I couldn't find any hints. Is this fixed in tomcat 3.2.2? thanks a lot gruss stefan Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability