DO NOT REPLY [Bug 32953] - SERVLETAPI: XSS Issues
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG-RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=32953. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=32953

[EMAIL PROTECTED] changed:

      What    |Removed |Added
    Status    |NEW     |RESOLVED
    Resolution|        |FIXED

--- Additional Comments From [EMAIL PROTECTED] 2005-01-18 16:31 ---
Applied the patch:

Checking in jsr152/examples/jsp2/el/functions.jsp;
/home/cvs/jakarta-servletapi-5/jsr152/examples/jsp2/el/functions.jsp,v -- functions.jsp
new revision: 1.5; previous revision: 1.4
done
Checking in jsr152/examples/jsp2/el/implicit-objects.jsp;
/home/cvs/jakarta-servletapi-5/jsr152/examples/jsp2/el/implicit-objects.jsp,v -- implicit-objects.jsp
new revision: 1.4; previous revision: 1.3
done
More commits to come...
Checking in jsr152/examples/jsp2/jspx/textRotate.jspx;
/home/cvs/jakarta-servletapi-5/jsr152/examples/jsp2/jspx/textRotate.jspx,v -- textRotate.jspx
new revision: 1.4; previous revision: 1.3
done
More commits to come...
Checking in jsr152/examples/snp/snoop.jsp;
/home/cvs/jakarta-servletapi-5/jsr152/examples/snp/snoop.jsp,v -- snoop.jsp
new revision: 1.3; previous revision: 1.2
done

--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 32953] - SERVLETAPI: XSS Issues
http://issues.apache.org/bugzilla/show_bug.cgi?id=32953

--- Additional Comments From [EMAIL PROTECTED] 2005-01-10 20:05 ---
Yes, but that has nothing to do with the XSS issue.

The Manager application is for managing Tomcat. Therefore, if someone has access to the manager application they are managing (or controlling if you prefer) Tomcat.

XSS issues provide an attacker that controls one (untrusted) web site with a mechanism for executing code on a client as if it was from another (trusted) web site. Try a google for XSS for more info.

DO NOT REPLY [Bug 32953] - SERVLETAPI: XSS Issues
http://issues.apache.org/bugzilla/show_bug.cgi?id=32953

--- Additional Comments From [EMAIL PROTECTED] 2005-01-10 03:38 ---
Hi... Are you saying that when a user successfully logs in to the Tomcat Web Application Manager, they are able to control Tomcat? Please advise me. Your advice is greatly appreciated. Thanks!

(In reply to comment #0)
> A number of XSS issues have been reported against the examples. I will attach
> a patch for jakarta-servletapi-5 that fixes the reported issues (and a few
> others of a similar nature).

DO NOT REPLY [Bug 32953] - SERVLETAPI: XSS Issues
http://issues.apache.org/bugzilla/show_bug.cgi?id=32953

--- Additional Comments From [EMAIL PROTECTED] 2005-01-05 12:25 ---
Created an attachment (id=13896)
 -- (http://issues.apache.org/bugzilla/attachment.cgi?id=13896&action=view)
Patch for XSS issues