Cross Site scripting security vulnerabilities exist in the 'examples' web application which is distributed along with Apache Tomcat. This affects all released versions of Tomcat, including 3.x and 4.x.
No other components of Tomcat are currently known to be vulnerable to cross site scripting. To address this security issue, administrators of public servers which have deployed Apache Tomcat should make sure the 'examples' webapp is removed from the deployed Tomcat installation. The 'examples' webapp will be modified in future Apache Tomcat releases to prevent cross site scripting. Background information on cross site scripting: This allows a mailicious website to execute JavaScript code using the security policy of a trusted domain. More information: http://httpd.apache.org/info/css-security/ Remy and Larry -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
