You should be able to test if this is working or a false positive by putting the following request in your browser (that has JavaScript enabled). You should get a pop-up window. This is the same test that is happening in the plugin.
/a.jsp/<SCRIPT>alert(document.domain)</script>

-Sullo

Quoting Kevin Passey <[EMAIL PROTECTED]>:

> Hi again,
>
> This is confusing me: I have one hole that I need to close.
>
> I am getting a medium risk hole which I don't understand.
>
> I have a Tomcat 4.0.4 web server running on port 80.
>
> Nessus is telling me "Older versions of JServ are vulnerable to a cross site
> scripting attack using a request for a non-existent .jsp file. Upgrade to
> the latest version of JServ or, for preference use Tomcat, as JServ is no
> longer maintained"
>
> But I am using Tomcat - do I need to upgrade it further - or is this a false
> positive?
>
> Thanks in advance.
>
> Kevin
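Added example, not part of the original thread and not the Nessus plugin's own code: one way to triage this finding from a saved copy of your server's response to the request above, by checking whether the probe string comes back verbatim in an HTML page or only in encoded form. The function name, verdict labels and sample response bodies are assumptions constructed for illustration.

```python
import html
from urllib.parse import quote

# Probe string taken from the test request in the message above.
PROBE = "<SCRIPT>alert(document.domain)</script>"
HTML_TYPES = ("text/html", "application/xhtml+xml")


def classify_reflection(body, content_type="text/html", probe=PROBE):
    """Classify how a response to /a.jsp/<probe> echoes the probe.

    'unencoded'          -> probe returned verbatim in an HTML page (finding is real)
    'unencoded-non-html' -> verbatim, but not served as HTML (review by hand)
    'encoded'            -> only HTML- or URL-encoded copies present (false positive)
    'absent'             -> probe not echoed at all (false positive)
    """
    lowered = body.lower()  # HTML tag names are case-insensitive
    needle = probe.lower()
    media_type = content_type.split(";")[0].strip().lower()

    if needle in lowered:
        return "unencoded" if media_type in HTML_TYPES else "unencoded-non-html"

    # Harmless ways an error page may echo the requested path.
    encoded_forms = (
        html.escape(probe),               # &lt;SCRIPT&gt;...
        html.escape(probe, quote=False),
        quote(probe),                     # %3CSCRIPT%3E... with "/" kept
        quote(probe, safe=""),            # "/" encoded as well
    )
    if any(form.lower() in lowered for form in encoded_forms):
        return "encoded"
    return "absent"


# Constructed sample 404 bodies (not captured from a real server).
ERROR_PAGE = "<html><body><h1>404</h1>The requested URL /a.jsp/{} was not found.</body></html>"
VULN_BODY = ERROR_PAGE.format(PROBE)
SAFE_BODY = ERROR_PAGE.format(html.escape(PROBE))
GENERIC_BODY = "<html><body><h1>404 Not Found</h1></body></html>"

if __name__ == "__main__":
    for name, body in (("raw echo", VULN_BODY), ("escaped echo", SAFE_BODY), ("no echo", GENERIC_BODY)):
        print(name, "->", classify_reflection(body))
```

Only the 'unencoded' verdict corresponds to the pop-up described above; 'encoded' and 'absent' indicate the scanner result does not apply to that server.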
